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#a± ma IEBS 
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(57) BHH 

i? ? J 7 is hit. <7'<*.y7-&— tVcK&r 
5SSMI©^Kt7 * ;l/F$Uffl«1tfB (De.f a u 1 
t Usage Right) ^iU nyfV'yO 
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m>m i ] 

*eM1T f V >r— *y a >x * ft t± KWQJlllff 7 7 U -Jr 

m*B4] 
fiOIEttttgUlStBti* 

3 vx^yco^As^at-iiffl-r s«AS£^tf7 r 

oVT. M!S®A3£l?f?77 0 yy-->3>. SfctefS 
&i&2mfx77 P U — : ^3 >oi/->-rn*^ss?LTHff 

[11*0(5] 

(EKB) E«y'J-*«*afflLT««2nS*f«&{fc 
^-y-D-y^ (EKB) OSfKi QmWvJffeft*— <0 



(2) ^912 00 4-5 4 7 4 4 

2 

awe* o T©*«fl»Ritta*-T»a& 5 . 

fMEmMt3r-7vv? (EKB) ©aWIfc J: 5 n 

yv fUffl*flWB*S6ff -r * 5 -fe ^xd— a t l tow 
yott^iaaoiBfcjeaaifcftJBf^^y— f*- (d 

NK) frgtsm%}<t*-7W? (EKB) fcttttbfc 

[■WW 7] 
[fS:£3t8] 

Bg^tn >f>-y ott-^fe itmsfejaaftsiffr *«* 

MA 3 > r > y <DS4ffllT- £ n > r v v ©tSBffi 
IT* fe 5 fr* W£f SXf-^i:, 

CMAB9] 

ayryyoHKBSfclBUH:, KKMinyfyy 
*c(*4n* nfeKB7 7 U K^IE^tcS^^ 

50 Cl»*^10] 
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(3) 

3 

B^SStRXx>yy^:fe^Tjg^Lfc7'>:/y T-'sb -v 

C«*^12] 20 

3 Vx V7 K c tc £ K> Bt#{t£nfc3 VxV^T-fe 

(EKB) iB<S^ 'J-iI*lfflUT«f^n5tafb 
4i_^p (EKB) ©a#{cit)^#RlHg^-© 

Mien yfyystwxf^ 7"«, 
tuiB^^-^a-y^ (ekb) (omm&miczza 

mmt-r^m>msicis.m<omnmm^'^ so 
ratals i 3] 

> >y 5pJffl««$8^fgfT-r 3 7 -f -t >X -9— M 3 If 

J!li«Cit^t45f'WX/-F*- (DNK) 
•&tr#^ift;^-^Dy ^ (EKB) ex 

x— c7^7> Hcfctt^vx^y^ts^tas 

^ ^ 7 > h fc *f L T 5M«"T & X x ? 7° £ - 

m#m i4] 



004-54744 

4 

5] 

m x n v -f > v <o n t* i. 3 > x v y © 
bit- & % 3 x r * r t . 

swkfflSxxyT*^ 

W&9BM^^LTz=i Vr^yfrlfflftttSSi: lt©f7 
* ;l/ h fUfflflMt *<BK3£fcS"3 < SSerJSWSMIX x 
y7i, 

otnti 6] 

3 ^ x > % * ^ -r 7 v h (c^-r ^ 3 v x 

j&i^t^t^Sf'WX/- (DNK) 
^tr^ttft*— ^ny^ (EKB) %«lflUfc1?— If X 
f-^fc, ^^-<7>'h{c43^^3>x^ , yc0tSS8Ma 
tcfev^TB^Rl5fJ^^@ffl-r^3>xV^?iJffl«tflS 
L T«D 7^7 * ;l/ b «ffl«1f 98 1 * X x >y ^ 

&& L,1tV- exx- ^i:f7*;Vh $JJ3ttflMB t * ^ 
^^Z^h^MbTiMM-r^Xxy^i:. 

zmirz c tztftm.fr a.- 2 • 7d^7A. 

[000 1] 

3>x>^yWffl«io^K: ; &^ 

«L, ^fc^ 3>x>-y©iSffi> K¥ffiS^pJtgi:LT 

3.— ^tc^-r s 7 }s*i/7)\'i&zii/7-z/vmmfflgi&$£ 

[0 0 0 2] 

C^JfeCSTfi] 

BTf4-, B-^x— Z, y-A7o^7^ ®^x— ^.^s 
i«4y7h7X7r-^ (WT, Ctl?.%3yf>7 
(Content) fcn?^) O, 

7 h7-^ fc&VHi, ^^'J*— K> HD, DVD, 
PC (Personal Computer). IB^S 
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[0 0 0 3] 

IBSS^SB. y-A«Wk PC#©««*»»ct4. 3 
— X, fcSWi**!;*— K, HD, DVD. C D^FfC 

[0 00 4] 

^>fyytt fi^«MifcbT¥affl«n* castas 

& y-A«gg§, PC^1WiWI*»*i»603.--WB 
[0 00 5] 

[0 0 0 6] 

Site, 3^f>yi, 3^v*y*siffl^-*3p]ffl*2:* 

ssctewiu a-if»cji«r*tij«*i«wsnT^ 

[0 0 0 7] 

BT*©3 >''7-> /% y©fJffl7b , i5jHii:^:§ h^-D ft->7fA 
[0 0 0 8] 

[fgB^^ L J: 5 fc-T SUM] 
[0 0 0 9] 

a* 3 i/T- >y <omm *ir % mm i/ ^ ^ t n fts^ 



(4) #P,f 2 00 4-5 4 7 4 4 

6 

[0 0 10] 

rtS%HKLfc±-Px ^T^yoWAfcfffc^fc^i: 
[0 0 1 1] 

L&^7 U — <DV -y-7)l>?— 2 Jt=L— 9* left LTSS^-T 
■pT> nvf^o- gp-e&^Tfe* ayfyyiM 

[0 0 12] 

fiHft-T * c i: % S «i: T 3 t ©T'$ 

[0 0 13] 

30 MS73i*s Mmcnvea.-^ • yn^A*»«-r* 

[0 0 14] 

WH§{tn >t- >>y cDtg-Sffc J; tra£8LS*!lffr -5 fit$S 
40 MiefMSP^JSte, 

n > t- -y v mmmm m t l t <d * ^ v ? ijffl«nt n <d 

[0 0 15] 

io g^nrcssn7'^^oK«fii^a^<nv7-^ < ys^« 
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7 

W5r««**u mam^eta. 3>T>v<o$mm 

[0 0 16] 

ssffiiaanff7 7v 7— ~>3 yco^-m^siR lt^ 

[0 0 17] 

T- ->3X $ It »4tOBiaJiS5fT7 7U 7— ^3 ><D V v 
[0 0 18] 

^Ifc^nfcn^xVyT'fet), iSB3>fV7+- K c 
ttx'*3Mfctff-7ny* (E K B) E«y'J-««*a 
BLTS^Sn**S!MMr-7ny* (EKB) 

(ekb) ©tf fflita 5 n >f y^^-^fffii?: 

[0 0 19] 

3 yf^^m^Ufft^ 5 7 7 ^ h tc^-T 5 3 V7 

*7-C7>h*»6©2Efia5*»c:jSCT, WHtfbn^V 
'y©«^^©IRte&»fc&3-7>W;*y"— (D 
NK) ^tf#J»{b^-7a«v^ (EKB) *»*flbfe 
b*^7— ^ils 

^7^7> Mcfetf 33>xV*y©i^®Sfc&<^TS 

^RTSfflSteaflS - *** =i v-tv >y fUffl«iflM8 t ur©7 

[0 0 2 0] 



(5) ftffl 2 0 0 4 - 5 4 7 4 4 

•r & #i«**f * c *w« * o 

[0 0 2 1] 

Bg4f{b3 >r y y ©s^t* «fc tfH£*lS**ft f £1*«8 

ST* £ 3 fr^J^-T £ x x •>> 7 ^ 

HA 3 yfV^OStMiT* & 3 C i: i: L T*fr 

[0 0 2 2] 

fe-znrctmy : 7?<D&femicm-3< 3yfyyi£i 

«FRjflW8%*U Huf23^-r> > y^fJfflX7^7l±. 
[002 3] 

fci±i^5Q ! il!ifT77<j y-i ^3 >ov»-jrn*»*w?"r 
7tt, ilfflffiSSWf-y 7 , fi:'*V'»TaRbfc7'77*y y- 

[0 02 4] 

r-Y;VOS£S^cS-^v^T> »AH^Hff77U-Jr—> 
3 S fct±Mffi*aSHff 77'J 7— > 3 xo^-fnfr 
ZMiR? ^SS^X r- y 7£rW MfE3 yf >">S^IW 
r >y 7li , SuieS^X x -y 7tc «, > T SS? b fc 7 «> 
7'J7-^3 vtcfil!t>Tllff«-*J:t*W«i:-r*o 

[0 0 2 5] 

ttffEBt^{t3^-ry > yt±, 3^Ty > y^-K ctciOBt 

^{t?n7i3>x^yr*fe t). mti^yr-yv*— k c 

50 tt. mmt^r-yo (EKB) EfiV 'J -«SSc^S 



9 

fflLT«««n*«»ffc*-^ny^ (EKB) (DGm 
aft^-7a-^ (EKB) ©ffi-^gtciSn^xV 

-rso 

[0 0 2 6] 

* 9 -< 7 v h 6 ©ss»gi*3Mrr § x t- y y t . 

ffla©Rte£HSi:fc*f*/VXy— F*— CD N K) 
<$&m%)lt3—7nv'? (EKB) t*X 

i: L TO t* y * ;l/ h $lftffift*B £ 3 x r- y f 

Q&isity— m.t&—* try** hmmmmmt*'? 

[0 0 2 7] 

tmmmmftmc&^-c. Ty*)Vhmmmmn*. 

[0 0 2 8] 

*awo»5 0«jii»± N 
Bf^ffcn >x >V <Dm^*s «fc tf S^MS^ff ^ n 3^ A 

SIT- fe § *¥U£f * Xff/i, 

3 v t- > y o tsttaia t * « c t t l TUfr-r s 

*«rr*ci: Save a-* • yn^Atc 

CO 0 2 9] 

* 9 f 7 V h fr£ oa«»**5Wl-r S X r >y 7 1 , 



(6) #i2 00 4-54 7 4 4 

70 

©3I©|gUC&g£&3'T/WX/--K*- (DNK) * 
-^tfW^ft^-^D-y^ (EKB) «T«ifflLfc-9— tTX 

i: l tcdx y *>i v mmmmn t tts.rn.-r § xf- y y 
v-rrvMcttLTiint-rsxxyyfc, 

CO 0 3 0] 

CfTUB] 

efault Usage Right) ^r?Sj»U 3 

>-r -y y com amhj^t# t> %:^Mmwm<Dmc f7 * ;v 

hfiJffl«1fSltcS^^T3VrVyS4>bWor$n, a 

ff*v\ 7*y*)\sYmmi&mnz:mt2>iruTzsYiz 
mfe-$nzz:£ic%:2><DT\ urn.?*— zmmfticfem 

CO 0 3 1] 

— fc^JSf SERB tbTO/N—K»jS EKB [EKB 
jo (H) ] fc, az/T-z/ymmv— exfc*fjSLTK5££ 

nfc*-rdfy 7'j -tMJS-rs ekbj: ttw-ex 

SfJSERB [EKB (S) ] teft-rSiES&DNKfcW 
CO 0 3 2] 

40 fSEIfMtfk WAtfx CD^FD, MO* 

fCi^T««Rlftg*nVlfi-^ • 7uy?L>T*3bZ 0 
C © <t 5 * 7 s n ^ ^ A * 3 V If a — ^ rTR&JBS TH« 

A fS C fc^SJA^H3R « n £> o 
CO 0 3 3] 

50 xritiis aa»©»«osi3ie?»^««-pfe9, 
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77 

[0 0 3 4] 

[f|B.E<r>ilJg(DJfcffiO 

2. *-E««^fcbT<0yU- (*) IBJfiteO^T 
3- EKB^teffibfc^-OiE* 

4. EKB07*-Vy> 

5. >yy-©*-rdfU^-» 

6. nyfyyiAfei^ii 

8. y n ^ y F7 r I'WeJ; 5 n vfyyo-^iBi 

[0 0 3 5] 

[i. 3yf>ya«^fira 

-fTvuott, 3yfy*;*fii< -rfcto^wasW 
aai»tuTofli«Ma^Bt«Tfife*o mtfpc, pd 

.7yiJ^3V12S*U CPU*©1BI»¥Kfc:.J: 
9:7^'7'9 r l 1, ^■7-<7>'h7"7 p y^— v-3 V 1 2{& 

[0 0 3 6] 

XfSo/Vy y 7 -y TV y x h 7«y& =» filffl 
^Eiffl03 yf y y 7 r lto 'J 3 ^ y K7 r 

mmicmm-r^n&m^^^tvr, y^7 

[0 0 3 7] 

^LTy3y7^-A2h 5-ftm-^2 2, 

■y-— /<2 3t±. j^7^7ynoK»UT3yfyy* 

a^-T^o 7^tyX^-^2 2«, *7-f7>'h#*?!l 

^r^nv^^y©^^^^--^:^ l-ojcj* 

LT*i«-r-So £fc, ya>y7t-M2 Hi. y^7 
yh i 0tf^ls'rl/y>t$$A?2>ffi<omnkVZl&f& 

SK*U *7^7Vhfr50»A**Witt*©B#* 



(7) #112 0 0 4-5 4 7 4 4 

72 

[0 0 3 8] 

se>ic, -ya y7t-^2 k fcit/v-r-tryx-y— A 
2 2 tea. ny7vfA3 i««saK«n*o ti->xf 

A3 1li, y377it-A2 l tfgttttttfcy^^V 
h 1 OA^oonV-rV^S^c^-rSfFRllf^tbTa 

igtsh^yfi'yayi d (tid) <onWBM. 3 

70 age Right) ©§WHTO*flfc3. cn£<D$a 
[0 0 3 9] 

ttfc* i'7-i'7ynoii, 7^-ty7>D--^2 2*^ 
<Dfij/ffi#<DS2». 3yfy7it- >S2 zii>£><D^zs7-'y 

yty®*, ^7^7y h77Vy- VI 2<D%M<D 

t3*Tf&fflmtt. ^7^7yh77'^-y3yi2 

O^MOT^y^^-tf 1 1 ^SiLT^fT-rSo 
[0 0 4 0] 

20 m 1 fctts 9^7:/ US* tf 1 O-^O^L 
te£»S8t<£*U *-7-f7VMis S*4->3^7t)- 

^fcgSBcU §y s y 7it-/^t*a«t^3yf y7^ 
g£fc:3g3?u I«tf;3yfy7%^Lfc3yfy 
n-'^^^yfyy^iU u^Lfcny^v^ 

[0 0 4 1] 

3yry^ii, Bf-^fkn v-T-yyJ: LT3yfyyt- 

/^2 2fr6^7^7yl- 1 OlCttlsTli. 

tx, i-7^7yh i oo?7/f7yh77yy-y3y 

[0 0 4 2] 

^7^7yHoa, 3>-ry^fiJffl«tca-5< n>f 

7C7^ (EKB:Enabl ing Key Bio 
40 c k) , f;UX • 7-F • (DNK : D e v i c 
e Node Key) f<D8f-?%W5 0 

— 7o yy(EKB: Enabling Key 
Block), f'WX (DNK:De 
vice Node Key) ti, uZ/y-l/WMffi*: 

x <d &m m t p > =r > v u r mm Rifig 1 1 %> rc & 

mT—t*T*%>Zo EK'B. DNKfcO^Tlis 
50 [0 0 4 3] 
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^-t^xtr— A2 2«, 3>^>yspjffl*ftteB 

■^TfflffiitflWH (Usage Right) £±figL 

T3.-if x^-<7> 3 o ££>fc, fl-^f 

A3 1 ©S«t5f;WX/-K^- (DNK : D e v 
ice Node K e y) , s&aMfc*— ^ny 5 (E 
KB:Enabling Key Block) icS^ 
^T^-lTXf-?^MLTi'7^7>F 1 Ote«# 

(Dmc&^t ex • f;VX/-F*- (SD 
NK) «fO«t-7By^ (EKB) «^tr 0 
[0 0 4 4] 

-TSCttfT'^i.^— *r;V^f*-<7 (PM : P o r t 
able MedlaJOSaWfiyj'T^h 
(Check-out) »»C«JS) OiBV^S, jK 

-?7^^f^7 (PM:Portable Medi 
a) ti«ittf79y*>a^*y % Srcti/J^HD. ftx 
-fX^, )£g&«7V X?, M D (Mini Disk) 

[0 0 4 53 

fcfPC, y-—?<m<DisXT2±l£*ft?t\<Di&W£lSVfi 
[0 0 4 6] 

■5c CPU (Central Processing 
Unit) lOltt, ROM (Read Only M 
eraory) 1 0 2 {£fE1I£*lT^£>:&fl7 p n^ A, 
fcSWi, SSttESP 1 0 8 fCtSlfl^n^ RAM (Rand 
om Access Memory) 103 {CD — Kc? 

0 0 tttt-BMaa^fr *V\ *07*flHB*CPU 1 0 1 
[0 0 4 7] 

ROM (Read Only Memory) 102 
«, C P U 1 0 1 ;&M£ffl*S:/n$^A J MMtffl©/<5 
— BSf 5 — ^SS*«*W«o RAM (Rando 
m Access Memory) 103 (is CPU1 

JK^ttC PU/W&£;fr&*j*Sti;5/<*l 1 UCfct) 
[0 0 4 8] 



(8) 4$ |H 2004-54744 

(DNK:Devlce. No 
de Key) , mmt$— 7D?j» (EKB : En a 
bling Key B 1 o c k) <Dmi%®Mh IT, 
#8;Uf D ES .(Data Encryption St 
a n d a r d) OWft7;WJ XA^ilffl LfcB&#& 

% MAcm *MEffla«*nff-rso £5fc, ft&o 

[0 0 4 9] 

£6P 1 0 5 t±, M*-f£ A TRAC (Adapt 
ive Transform Acoustic Co 
ding) 37?5£, MPEG, J PEG^f, 

1 1 2, F^l 1 0*^rLT'JA-;V;l€«|» 
1 2 l^?.Sfctta«gPl 0 9^/|-LTA77-rSo Sfc 

Sc 

[0 0 5 0] 

XtnX7-rv^7i— X 1 1 2fct±, 3 1 — Jp— K, T^X 
m<OXtimi 0 6, CRT, LCDfOf^xyW, 
^kT— *S5*»6a*ffl*»l 0 7, /n-Kt^X^IP© 
IS«a5l08, tfi, #-5t;V7^«c±-3T 

[0 0 5 1] 

50 [2. *HEflHlJ«fcbT©yy- CrtO *iifcov> 
T] 

F^tXMVi'y^J'ay (Broadcast E 
n c r y p t ion) ^©H^TfcSVU— *J*te 

[0 0 5 2] 

03©*T&(c^-f-?-^o~i stfnyfyyW?: 

7 : leaf) ^n^no^^^JCffiSf So 
[0 0 5 3] 

ti^o8bte*jv>T, 123^-rpg/f yj — cto »3tfc 

felt 3 i #© V - 7 *> 6 ;b— h KM 3 S T*© / — K KM 
f?ST?>nfctt (/— K4=— ) fe±lf*'J— 7©U— 7 
^-Jb^SS^-ty F (-fVWXy— (DN 
K: Device Node Key) ) ^tr^^E-D &c+§ 
Ifi-rSo 03OSTSC*TKOOOO~K1 1 1 ltf 

50 §f;wxo~i siczti^nmv^r 
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-T-fctK I±SOKR 01/- h*-) «T«*» 
£2§B<Dgi5 (/— H) KKMRStifc*- : KR-Kl 

1 1 */-K*-fc-r*. 

[0 0 5 4] 

-7*-K0 00 0fc, /-Mr- : KOOO, KO 
0, KO, KR^WtS. f;W^5ttK010U 

ko i o, ko k ko, KR^m^rr&o f/Wl 

5 Kll IK K11K K 1 h K 1, KRSrfifr 

*rr*o fcfe, B3© , y , J-Kttf/w^o~i so 
i 6 <i<d&ib«£ n, >y u -«it«» 4 ©#&a©i3fe<o 

CO 0 5 5] 
[0 0 5 6] 

ft^f;UX0, l, 2, 3*W— ©IMWKMMHV'' 
5 l -DO^d/— T/fcLTRj&rSo coiStt? 

tttt9f«H»te3 >xVy»£®3aW— ***** ?> W 

&7*rwxt<D i r—5'm&m*fi%: : bmmt. 03 

©j6»T?HA,J£ff$K t^f^UXO, 1, 2, 3 
[0 0 5 7] 

V * f A &C «fc ^ TSEiS LT^S L 

<fc o T iOl/- 7* c* Kt 5 #§j£ i: L T «fc 



(9) #1200 4-5 4 7 4 4 

[0 0 5 8] 

coyj— «ate*v»Ts 0 3^e.Bjp»*^<t-9m, 1 

•O£D^;l/-7 , {C-&Sn-S3OO7 i A'l'7N0, 1, 2, 3 
tix/WT./— K3=— (DNK : De v i c e Nod 
e Key) fcLT«IO+-K0 0, K0, KR^ 
70 tff'WXy-K*- (DNK:Device Nod 
e Key) *»frt"*o CO/— K*-ftW«lJ3c*fiJ 
ffl-fSC £*££»?, M^tf«IW-*f/W7 0, 

i, 2, 3<D*tea«r*ci:*TOrfiBi:**o fcfc* 

fcf, «Ilcfitt5/-K#-K0 0&, f;WX0, 
1, 2, ate^a-f SffiW*— 4:**. $fc> Srfcfc* 
-K n e w%/-F*-K 0 0 T'^ttftttE n c 
(K00, Knew) h 7— ^rffLTifcSt^ 

mmmmctm^TT^-cxo, 1, 2, 3tcE?Enr 
ntf, f'^xo, i, 2, 3<D&h\ ?nfnof^ 

20 VXK*S^T^*S^/-K*-KOO*flI^TW 
§Enc (K0 0, Knew) ^^Tli/iW-K n 
ew^SCfc^Rlfigfcft^o Enc (Ka, K 

b) ttKbfcKate^TWH^kLfcf 9 — 

[0 0 5 9] 

SSBfrftt *Ci5^T, f;W3 0itt5S: 
K001 1, K001, K00, KO, KR 

^ninM. yXri (f^WXO, 1, 2, 3© 
30 SOP— 7/) T-8£«£n*'r-**3 s Sfci&k:, xVW 

It, /—Y*— : KO O 1 , K 0 0, K 0, KR5:fn 
JftURfcaftK (t) 001, K (t) 00, K (t) 

0, K (t) Rfc^ffU f/WXO, 1, 2fC^©K 

CCT% K (t) aaa 
&±, UK a a aOtSft (Generation) : tO 

[0 0 6 0] 

jeer*— oE**a3aov»TRWi"*o *-o5tr*±, tai 

40 0 4 (A) ^-rW^t^-^D v * (EKB : 

Enabling Key Block) t«Ftfn*7 
n y * x— * (c «fc -r>T#|j££ni> ffrttlt t *tf* 

1, 2ft«t&-r*CtfcJ:"5T3(|fT«n«o ^*3, *5S) 

fb^-^py^ (ekb) it. m3ic^-r^o^yv — 
?ns. wafk^-^a-y^ (ekb) a, *-mm7 

(KRB : Key Renewal Bloc 

50 k) fcpptfnscitfefeSo 
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[006 1] 

04 (A) teJj^:&J&{tar-7ny* (EKB) tctt, 

omit, mzicTTs-rw—mM^ffU^o, i, 2 

-5 fc % f'Wxo, f;WXitt, Sffy— F 

4 1 — fcLTK (t) 00, K (t) 0, K (t) Rtffc 
(t) 001, K Ct) 00, K (t) 0, K (t) R 
CO 0 6 2] 

04 (A) (DEKBtc^n&J^KEKBfCtiffi^t© 
BS#{fcSr— **&*ft*o ftTSfDH^t^-ti. E n c 
(K00 1 0, K (t) 00 1) T?fcS 0 Cftli-r/V 
X2OjfO';-7*-K00 1 OtCfcoTBg-Sfffc^nfc 
JBKy— K*-K (t) 00 1T-&D, tvWX2&, 

U K (t) OOimcfc^tfS. 
H*)mitK (t) OOl^l^T. 04 (A) OT*»6 
2©aOBf^ft^— E n c (K (t) 00 1, K (t) 
0 0) ttm^f&ZKV. Mff/-K^-K (t) 00 
*if*C fctfl?**. WFHBfc* 0 4 (A) CD±fr£>2 
©iOBg-^{t*-E n c (K (t) 0 0, K (t) 0) 
SrflHfU S£r/-F*-K (t) 0, 0 4 (A) ©± 
*»6 laiOBB^fl:^— En c (K (t) 0, K (t) 
R) ^rtf^L-K (t) R%^i»o -7?, fWKOO 
00. K 0 O O 1 »x /- F*-K 0 O OttJHfit5» 

t±, K (t) 0 0, K (t) 0, K (t) RT'fcl. 7 s 
/WXKO 000. KOOOlti, 04 (A) <D±frZ 
SSgOBg^ft^— E n c (K0 0 0, K (t) 0 0) 
^rffl^LK (t) 0 0, «Bt»U £CF> 0 4 (A) O 
±A>6 2fiiO*fft*-Ene (K (t) 0 0, K 
(t) 0) *fl»U Mffy-F+-K (t) 0, 0 4 
(A) ©±a»6 l«B©fl»fl:*-En c (K (t) 
0, K (t) R) ^a^-LK (t) R%f#3o CCDi^ 
(CLT, f/WXO, 1, ZltW.^hfcm.K (t) R?r 
#S<li:^T?€* 0 &*3, 04 (A) (D-fVx-y^X 

[0 0 6 33 

0 3 fcavr v y -«jt<D±ft©<D/ - f*- : k ( t ) 

0, K (t) ROHf*^!?J»i), y-K^-Koo 

o*©3e«f«yi« , <eai"e**»&fc«x 04 (b) os 

SMMr— "fnvir (EKB) Mfr/- 
K*— K (t) OO^f/WXO, 1, 2 fCgEflJ-f £> C 

CO 0 6 4] 



(10) #M2 0 04-54744 

04 (B) iz^rTEKBit, Mz.teftM<D7>^—7tet5 

^TPim-rzmrziz^ yf *E*irr « 

T'rtCf/WXO, 1, 2, 3#fc3fa08£{**ffl<^T 
fet), fTfc^ttaonVT-^y^ 1 — K (t) conW 
gT-$«i:t« 0 cofcfr, f/WXO, 1, 2, 3<D 
«5i©y— K*— KO O^SSfLfcK (t) 0 051^ 
Tg?/'c^a<DMfr=i>"rVy*— : K (t ) c o n^r 
Bt^ftbfcx-* E n c (K (t) , K (t) c o n) 
70 £0 4 (B) K^tEKBfcfctfcBfStS, 

tc«fc f/W4ftH, *-©ffi<£>20V— :/©l8§§^33 

CO 0 6 5] 

f/WXO, 1, 2{4EKB**aSUT»fe 
K (t) O 0*)iV^TiJB»X*llWtltf, tf$j£ 

aVfyvt-K (t) c o neffSCfcftTOtttca: 

So 

CO 0 6 6] 

20 [3. EKB4«iLft*-oeil] 

m£tC-&M*Zai/7->y*—K (t) con*1»**l 
3I0!I£UT, K (t) OO^ffl^TSrfta^iBOnyf 
V>y*-K (t) con^ftUcf-^Enc (K 
(t) 00, K (t) con) £04 (B) fcjgVTEK 

jjVTo ^&fc>^EKBfc«fc3l«re{fc;*'J''fe— 5*5*— 
3>f V7^-K (t) contlfcfT$5. 
CO 0 6 71 

T^?/-h'*-K0 0 0£JS^T_hj&bfc£l^8lE>E 
K BjiaiKJ; *?, /-K^r-K (t) 0O*4«tS. 

«^LftjBRy-F*-K (t) OO^flft^T 
Mfr^Vx^y^-K (t) con^LT, mc^r 
n*«fflt*ftftKS^«tt*WO'J 0 0 0 
O^Bg^fkbTt&lfrrSo 
CO 0 6 8] 

[4 . E K BO?*— V>y h] 
40 0 6 \cmmt*r-7u y 5 (E KB) ©7*-v>y F«?0 
^■To A-^3>2 0 1 tt, *raMt*— 'T'ny * (E 
KB) CO/^-^a V^-TBgiJ^-eSfeSo :&*5s S> 
a Mi«$T©E K B*«g«J'r««lii:3 Vf-vyfcOSt 

* (EKB) ©E^©7*/WXtem-*Rt»y'J-© 
»«»*j^t-o x— 2 0 3li, mWC*—7 
uy* (EKB) 4 3 ©-r-^g|5<DffiK^-r^l'>'^T- 

^stf-TV* 2 0 4 It* ^gpotiH, 
*2 O 5ttl«<Ofi»*wt#l'y*Ta5«. 
JO CO 0 6 9] 
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x-^gP2 o 6 a. &mmmi-%s- F*-*iWb 

Co 0 7 o] 

tt, f-^rfc UT$fefC0 4 (A) 1»«WUfeW!6ft:*- 
7D-y^ (EKB) «:jJH^-r*fi»J«:^LT^5o CORf 
cDx— §7©I (b) KjjVr<fc3lCfcSo ^©i: 

ggj^-K (t) R#-&**XTV*©"^ h y ~?S ~~ F 
*Enc (K (t) 0, K (t) R) 0 7© (a) 
if it. E n c (K (t) 0 0, K (t) 0) T*£*K V 

tt te (L) £ (R) fctTHSSn*. 

Ilg©f-?Enc (K (t) 0, K (t) R) ©£ 

^<DT\ RZ?= 1 t^TCf-^tC^ 
^tS^^n, 0 7 (c) te^Tf— 

[0 0 7 1] 

-r— ?Enc (Kxxx, Kyyy) A^'J- 

fecDT'fe^o f»— *»IC«IS«tl**— r-^E n c 
(Kxxx, Kyyy) . . . It, *K ft* 

le, JtOi 4 T-SJHJiLfcilfiE© J: 3 teBS^bf — 

0 : En c (K (t) 0, K (t) root) 
00 : Enc (K (t) 00, K (t) 0) 
000: Enc (K ( (t ) 000, K (T) 00) 

. . . (D&?ixT-2mj£t.?zzti>iiimv&zi3\ 

ffi«*^ , TS!5l7*— * i: ttl^S c t let 

[0 0 7 2] 

0 6fcM-?"^ EKB 7*—~?v h iCOt^T? S>fcUJW 
•f i> 0 a« (Signature) 2 0 8«, W8&fb^ 
-7D7^ (EKB) *RtfLfcWAtf«ra-feV*- 

A, fe«VHi->a y^- /^tfUfrTSWTF* 
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20 

«T*fe^ 0 E K B£S^Lfc-r;WXtt§£8&IiEfc:«fco 

zmm%:m%)<t*-7vv ? (ekb) sgfHftfRffi, 
M?a&{t:*-7a<;>* (ekb) Tfe^ct^sitg-r 

CO 0 7 3] 

[5. yV-V>iJ?3\)Qm 

;o KB**. 

CO 0 7 4] 

0 8 ICVSMV U — «BSO* f-^ U W*SWo 

-K r o o t 3 0 1 WTO^IHStCtty- 
F*-3 0 2*flKJgStV «TSiCt±, 'J-7+-3 0 

CO 0 7 5] 

j&xdry y- f 3 o 4 tLTS^t^o -rafe-sJBMa 
g <d y — f <d&* x J y <d x/W xis^ y - f 

fc-r^.o *MS©lo©y-F*lJljS(tLTJWTs m + 

lm&LTo/— f, y— ^-o^-rrjy^-g-sns 
T^wxwr^y— Ffeitfy— 7t-r*o 

CO 0 7 6] 

#lx.fcf0 8cDg§M©@CDl -PO/-H3 0 5fC«^xr? 

y [y^-yx-ry-r* as®) ] ^?n> to/- 

tt'j^tusssni.. t%w> y— F3 0 5W 
x©gssy— f. isitfy— 7om*tLT^«-r«o 

CO 0 7 7] 

s&t, M©^e»a©^Tffio©%-9-r*xrfyy-F 

3 0 6i:Ltagni:ttft*f5. {?Ox{f0(c^-rJ: 
•Mc^-rriy [^^yxf^'^l /-K3 0 5O2S 
Toy— Ffc, ^t'JXf^-yi'^tftfW?) 

40 *^gg] ©y-F%»£-r-5. ^e.tc, -y^f-rfyy 

- F?«5SWSfO/- F 3 0 6JWT^, S^ffl 

»o*x=fy te-s-*n**«s^»iiB^*«B©/'- f 

#«BO*"r=fyte"&Sti« [PHS] y-F3 08 i; 
[0 0 7 8] 

50 fe^^tia«^-fc*xffi^ &m<d 
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Y*?-i±wtm*-t>-<DW&z-?z>>f-L>w.^x y zm 

?- A«ggX Y Z K^OUuS/- KWTOT©©y- K 
•y* (EKB) *4«tTEflU M/-K«T©f 

So 

[0 0 7 9] 

^xrfU©. &Sl/H±+J-:7';*77 i :iyg:<0 1 ~3<QTK 

ftZ<D/-Y*m&h-TZ>m%i{\:*-'7vv* (E K 
B) *»Ste£j«LT. My-KOTl-ItSf^W 

[0 0 8 0] 

«t?t±. 8 + 2 4 + 3 2SO/- K*«y U~«BBi:« 

h/— F*^T-fito8®s-eo=&y— Ffc^r- 
dfu*^js?n«o cziz&iiztiTdv tit, mxii 
^yxf^y^* t* o#«w* * =e y zrnm -r * mm<o 

CD5^CD IOC/— F(C. ^-r-feVX^BirrSi/X-r 
AtLT*->XfA (T->Xfiiftt5) -hm^-r 
5o 

[0 0 8 1] 

ilffl^tl^c COfilClH, CftfCfctK 2 2 4 (ttl 

fscirtf-C'^So ssk, st.Tffl!io3 zmommic 

£»K 2 3 2 4^*0 <W- 9* (feSt/Hi^.— iff* 

-KfrST^fAOy- KST»©/<X±©#/— Ftc 
SJSm-^ DNK (Device Node K 
e y) *«jau «TS©y-7fc:*tt5** I Dtf'J- 
7 1 DtZtlZo 
[0 0 8 2] 
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- fcffll^TWHHtStu EKB ftfcIBfiSflSo 
E K B&c43ttS5fc$fre> 1 o±C@(D||ffy— F+— It 
EKB©5tdB©/ — K*— fc£W±y— 7*— te«fc-aT 
Bt#{fc$n. EK BfttcBBBSnSo 
[0 0 8 3] 

NK©v^-rn^o^— *m^T, a-yf-yy'f—^tt 

PgJKOMSr./- F*-*&#U «^LT»;fc*— *JI 
t/^T, E KBFtycfe^SnT^S££lC^<S>±<£>Pgg€> 

[0 0 8 4] 

/-F^K^fcLT, J^TOy-F^^OTg^Z-Flc 

m%}<t*—7B'y* (ekb) ^aiic^tx, wja 

So 

[0 0 8 5] 

SStC, hJ^cD^y-^CD^WXeStCiSEKB 

JO -^TBHrrSo 
[0 0 8 6] 

@l 0^r#^LT2 0©*xriytcoi>TSiB-9'rSo 0 
1 0 ICmT <fc 5 ;b— b / — F 3 5 0 ©TSfc T ~>7. 

fi»y-K3 5i*RSu ^oTSfcT+J—exy- 

F3 5 2, ^J:tfTA-K/-F3 5 T 
A-F/-K3 5 3*m&tlsfcyV— it, a-ff^ 
-fX&gggft^y -73 5 5i: LtSSL, 
fcLT»ffrS^-K»JSEKB [EKB (H) ] 4E 

«f s^xnyyy-T'&So t-^-hx/- f 
AW*-*- exKttj&LTfgfrrs-y-- trxfcffSE k b 

[EKB (S) ] SEftiArdyy'J-TftS. 
[0 0 8 7] 

>n— FMflSEKB [EKB (H) ] % It- IfXttJSE K 
B [EKB (S) ] fcfc, JC-n^njESaflilB^WfOf* 
Wt»U4A5h5DNK (Device No 
d e K e y) -Tfcb^ 'J-7*5T">XfAO/- 
F£T*O^X_b7>gv'— FtcfcfJSt" S c t 

T\ =§EKB©SH§tfRT&gfc&S 8 
50 [0 0 8 8] 
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[6. 3Vf->vKAfcJ:lflH«»S3 
#lc, ^^Tlxhtfs^xV'y^A^fcteliirrs 

[0 0 8 9] 

fVyf-^ ^-Y-feVX+J"— ^itftSv-XxA 
[0 0 9 0] 

witt*^- isopc^oa«RjHg^it$s 

®iS5«teURL*»^ UT-yy (1) ) U 79* 
W^lt*> a >y Acost^rr £> n yf^'J x h 
Bffi (fs»^-f) SrW&ttfL- (Xf-^ (2) ) 
T, x-fX^WtS^ &rf"9? (3) ) 
[0 0 9 1] 

SSffiH^efrOj&Jg (Xf7^ (4) ) Sff^ot, 7" 

fy^ (5) ) ?Zo m&7~iH£tt* 3Vf>7 I D 
(CID), ^3 7 7'D-/^iJ? (S h o p I D) , 

<E> o 

[0 0 9 2] 

•>3yyt-^ ^.-fT'VhfrS.OnV-rVylS! 

(6) ) n. coWSSJlifctix 3>f>y] D (C 
ID), i/s yyt-/WJ? (S h o p I D) 

[0 0 9 3] 

irfi>ts h5^-*f^>3V I D (T I d) o«fr*aa 
(Xfyy (7) ) fcUffTSo b7>f^->3VI D 
(T I D) ©«ff«iao»ffl*BI 1 2©70-^:#HgL 

[0 0 9 4] 

fI->XfA(±, Xr--y7°S 1 o Hcis^T, a 

D (T I D) *4«t«. Xx-y^S l 0 2fcfc 
V"»T\ *^Lfch7>"tf^>'3>I D (T I D) fc, > 
3 >yy-9--/^e.mS^nfcn>"r> > y ID (CID) 

*S»fl-r*o Mbft>7>fi'v'3VI D (T I 
D) 4i/gy^- /^CfcfLTfcHTJv SfftS. 
[0 0 9 5] 



(13) f#F>82 0 0 4-5 4 7 4 4 

01 1 <Dis— *r>xmcm2> 0 gS^X-rAte, h-^V 
-ff^aVI D (T I D) ^fiStLfc h^>1f 

^i/sVlD (T I D) fc«B#HlWH*T I DtitlSfcLT 

>>3yy-9— svcmfe (x-f^y (8) ) -r*= ten 

*T.frt/\, T I DW^SeLfc->3 *9 

1 DfiMBtc-^&n&fiBI&Ka-^T. Ufv 
70 f (9) ) ^HfT-T^o 
[0 0 9 6] 

(9) ) i±*BS?n^o 
[0 0 9 7] 

mc, SI 3C->- 7->x0^#^bTms^-r«.MSfc 
ov^T^-T^o i/sVJV—rttt. nyfyyM 

^conVT-V^O^VD-HffFRlS^^ma^XxA 

^LT^im (xf7 7" do)) n, 

[0 0 9 8] 

^<>Vo-KfFRlS^II©a (XT^y* (11))% 
HfffSo ^*Vn-Ff*1^3£&^3©l$ffl*0 1 

4 07n-*#SBLT«9it«. 

[0 0 9 9] 

IfifiyX-rAte, $?\ Xf77S 2 0 1 tC*5V>T. « 
30 ttbfe^vn— KHFRTS^fc^Sn* h^Vtf*^ 
yiD (T I D) $fcte£j*U IB«»K«*flbfch 
^^If^^a^ID (T 1 D) fcfcKB'&U ^^t^f 

y I D (T I D) ^^jSLTiB^?n/in^7->^ I D 
(CID) *8tffU X-r>y 7°S 2 0 3 tc*5t^T, CI 

d tcfcfjs-r & nyfyyo^ yo- FffRT*«frf 

[0 10 0] 

si 3<oy-^yx0tl^ KW*«^*„ Bivx 

40 -rAli. ^*vn-FBOT#*SE«Wl (Xf-y7 (1 
1) ) 37fyy<DW7tJ- F^FqT*'>3>y7 P 

^-/^fc»UT»ff (Xf-y7 (12)) fix, ^"7^ 
a— FfFPjtctt. h^V-if^v'3^1 D (T I D) , 3 
yfyn-^URL (C-URL) v ^-fHrVXit— 
AURL (L-U R L) , 3>f^ ID (CID). 

siHttHMHi d (u i d) , m& (^yryy) url 
(s-urlk D-ex I Dtf^n^o 

[0101] 

50 SrSfrr^iu *^<<7'yh7"?V J !r— ~>3 vicfctfi. 
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f So 

[0 10 2] 

tmyr-nvoiwitmi stt»m\.Tmw?%o mmy 

r-T;V3 6 0ti. ft^Si'XxAtf^J&Lfch^Vif 
i'v'ayi D (T I DK ir^-lTl/YtmXib^lt 

Minnyf^ id (c i d) . tg->xf 

(U I D) , eS->XxA#£j£Lfc^Vn-KI*Rl 

«atttn«*-e7i i d, 

-5 frlSSgT? & £ <DMSiJ 7*- * tlS> o 
[0 10 3] 

[0 10 4] 

r. T7vtr—^3>zmm (xt?^ (is))t 

So 

[0 10 5] 

? 9 -< 7 > h 7 f V f T— is 3 >lc feV^T*ffr S 77° U 

^-^3 vjgfs$n.gfc:o^T, 01 6^m^rmm-r 
So xfy^ssoit^ £1\ S17r-i';i't 

[0 10 6] 

+j— Hxf-^a, ^-i^vhtf saw-ex, m 

7"o / W If L fcit- e XflWHt* 

IS&St*— *-?£S>o 017 (a) IfXf-^O 

[0 10 7] 

01 7 (a) fcjjrr -9— exf- £ 3 7 ofc: 40 
it, EKBSafl^y— fCfet^T^^ftS^I^Vb 

ID, ^5.(i:f;WX/-K*- (DNK) ^r;V-h + 
- (K r o o t ) T*Bt^{tL-/cx-^, E (K r o o 
t, DNK) tfttn^o D— eXr-^^rSffi-T^fc 
77-i'7yhli, 71'tyxt- /Sfcrfcfrsg 

gffii^tjns. s^aste. 01 3(c^-r$aa 
xf-^ (15). (16) ojag^^jcrx-rso 

[0 10 8] 

01 6lC7jk-$-X'rV7S 3 0 1 tc&l^T. V— tfX I D 50 



#112 00 4-5 4 7 4 4 

25 

fcfjsotJ- - if x x- * w l t V ^ £ w^-r § t . 
xfy7S3 o 2 ic&^T&m'&mznfii'T. it- If 

X-r-^SfTTSo 
[0 10 9] 

S*\ x7*;l/h?OTH1f^«, nyfvyoiA^ 

[0 110] 

017 (b) \cmmn^n<D?-zmm\*7r<?« 01 
7 (b) iz^k-rxdiz. mm&mm3 7 ncn, 
mmmfrt vrvmrnrnmn i d, s^aetnf mt l 

T<D*^ AX^T", 77^7Vhtl*OV-7I 
[0 111] 

Dit^m, i>^itwmm^>7-^y\zimrsi i d 

i: Li, (on) ttria? 

txfc 3 > 7- v *y (c ov > T cd fijffl tfWqj 2 ti S mfe £ t 
So 3VfV73 7 2(;:iiii7 (c) tcjjVTJ; 

wmy^rz i 3t,m^n. tmy^vz 7 zi$*-y 

(ON) co^nVx^yT'^ntf, M^fF"BJ?nfc 

nyryn-fesiit^u w&y^tftfxy (of 
t^n yf T'fesc: i: Jtjfcto 

[0 112] 

^7'f7yh77';^->'3y(i, Minyfy^sa 

^%fjg-r^i:i:fefc, 3yfy7d77i'*©M^ 
HfTLT, nyfyycOSi^frS^ Ci:fC3S:S 0 CO 

[0 113] 

01 6€tjai7o-ici!3 77'j y-y a yiilio 

^g^Wc-ot^Tt^-f So Xry7S 3 0 2{c43t/^ 

t, -r&to^^-fevx-y-— ^frs©-*— if 

Xr-yfS 3 0 3&c33l^Ts ->a -y ^frSSftL 
fcg»i7r-r;^ iAfl77'jy-y3y©gi7r 
-Y;i/To5SA\ iS?iffl77 p uy-^3>'Og»7r-Y;i' 
T*fes*^¥(jgij-rs„ iAM77 , jy-y3y^i7 

r-f;bT'feS^t±, Xf77S 3 0 4tc)i^I»Affi7 
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[0 114] 
[0 115] 

m^rnfi (xtv? (21)) -r*. cnt±, 9t\^ 10 
ffittiMB (01 7 (b) #b§) teiB«*nfc3>^>'y 

ID (C 1 D) icMtSnyf^t'fclio >7^"<T 

yh7^yy-^3>tt< n^tyyiD (c 1 d) 

[0 116] 

vhteSSflU (xf •vT' (2 2) ) -r*o co^Vt-W 20 
mstit, sifffcayfyy^^ hi 7 (c) tc^-r 

<fc?fc, nvr^y*— : K c TBSHfffcSftfca vf> 
yf-? :Enc (Kc, Content), n^-rV 
\y^— : K c £7l/— h^ 1 — : K r o o t T'Bf^tLfcx 
-?:Enc (K r o o t , Kc) , S^C: )V— h*r 
— : K r o o t «r5?WT*fc«)OE KB, Z blcWfe? 

7yf-^, -9— ex 1 D^foiiMa«MWnsnfc7r-< 

[0 117] 

3Vxvv««'*»itLfc*9-r7vhfc^ Si^yf 30 

WtCttJ&irZmm&im (Usage Right) 
«MMW**9-f ^fcfcfLTjMfi Urf7 

(2 3) ) -T^o COS^ttt, ^3 7^/^ 
SSfltLfefitt^rW;!/ (01 5#!$) tfte*£*i*f!I 

%mnmiD (uid), ^^^Mts'j-r-^L 

fc^»7ri';i/ (Hi 5 #88) ^t^StiS b^z^f 5 
-> 3 yiD (t i d) ara-stiSo 

[0 118] 

fOT«W?S (Usage Rig 4(7 

h t) ©8rtfg#*sflrr*i, tii'XfAtjjL 

T, aXSAftia (Xt?7 (2 4) ) ?rfT^9 0 CIO 
ipjffl«l1f^l D (U I D) , h^Vif^^a 
y I D (T I D) 5t«rStl*o ftii^*SgLftfi 

-9— asaa^jssfcUT. ftftwrnn d cu i 

XV—zVcmiM (Xr77 (2 5) ) t5 0 
[0 119] 

jS^tWB^SMLfc^-fevx-y--/^ a^f-WW 
Mft^t fc mmnmm (Usage R i g h 50 
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t) fc£$LT, ^v-TTVhtc^UT^T (X7'?7 
(2 6) ) -T5o fcfe, 3> 

[0 12 0] 

fOffiflMWR (U s a g e Right) ^SffitLTc^-^ 

yyfcO^T* fOTtttitSB (Usage Right) 

£gfc&S e a-if*-53VfV)' id (c I D) , fijffl 
«|fi (Usage Right) I DSrft^Lfcn > 
^■VySflaS* (Xf77 (2 7) ) tffcSfc, 
7 1/ b 7 7 y y- f a sfilfflfcttteft-a ft 3 >x V 

ys^j&Hfr Uf77 (2 8) ) n„ 

[0 12 1] 

3Vfm-M3 8 2^?>i'7-l'7yh3 8 3fC*tL 

38 ltfW3'(7fbZ 8 3fC^-f-fc:>Xi:L.T, It 
-IfXf-^, SlfflfliflMB (Usage 
Right) tf#A^tl5. 
[0 12 2] 

ni/xV^i, 3>7m-: Kctc«fc»j, Bg-sfftS 
ntfeO (Enc (Kc, Content), 3yf> 
y*— Kctt, E K B frgafTOflBft'l'— ^-Kro 
o t frZmZtlZ^—T&Zo 
[0 12 3] 

^7^7yb 3 8 3ii, ^-T-t^XD— 
^-exf-^^5f;^xy-H^- (DNK) *Bl 
»U 5XffLfcDNKtcS-^V^Tn>'T>'^7 7''l';l/<D 
E K B*atLT, b*r— : K r o o t «:SS!fL, 
5 etc, fltffLfcrt/— : K r o o t ^fflt^T, E 

nc (Kroot, Kc) *S§LT3yfm-: 
K c£r$tffU ^bfcnv-r^y*- : K c 
B§mt^y"r>y ■ E n c (Kc, Content) O 

[0 12 4] 

t-e^T^-^ fJfflftfifS (Usage Righ 

t) tttfottvrz^yf-yvw^mvwmfc-o^T, 

0 2 0*#fi8bT8»!|-r*o 
[0 12 5] 

02 0«, >\-K*ttSEKB [EKB (H) ] , -9— £ 
XttfSEKB [EKB (S) ] ^riifflLfcn >v->V<D 

bfc0T*$.^.o 
[0 12 6] 

02 otc^-r-9— vrxx— * 4 o i , 

4 0 3(i, 7^tyX^-AA7f®t5f-^T'fe 
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/^e.S®-r«7*— ^Tfe^c -9-— o 1 
tt. 'J-7«8l?i:UO'J-7]D, ilffl-rSEKB 
i'aV, ££>fc s It— fcTXttJEE KB [EKB 

(s) ] (Dm^ic^KV-vxiifoT'Wxy-) 1 * 

- ( S D N K ) fc, / v- H JtJS^T" rf U V U -fc^fS L 
TSS?n5;V-h*-K root' &C«fc^TI£#{fc;L 
fzrr—$ E (Kroot' , SDNK) fct&WLTV 

[0 12 7] 

m^rit=i>7-l/y7T'()\>4 0 2i±, -9"— ex^fC<D* 
-rrfU^U— tc^jSLTS9^5n«;V— h^— K r o o 
t tTX^jSE K B [EKB (S) K )l> 

-h^-Kroottayfy^ID (C I D) 3 

(Kc) il^Bg^-ftLfcx— ^ E (Kroot, C 
ID + Kc) „ 33<fc*>\ 3>f>7 (Content) 
tnyfm-Kc T'St^fkb/cx— ^ E (Kc, C 
on t e t) ^tf^r-r^T'^^o 
[0 12 8] 

£fc> ?lJffi«IWS4 0 3H\ U-7 I nv-r^y 

JflJHIBk SIR Bit, 3^-»JIS^O««*fUM*ft*^ 
^n^o fclffl*1f$B4 0 3^§ffiUfcn-— tfx/WX 
tt, *iJffl«H»^=3^T-V^{cMfS-ri.-fe*iU-r-f fit 

[0 12 9] 

s*Kffcf, $fcya -fe >y ^©as^AMs^*--* 
^vf/WX (PD) foa- y'x/WT.tcfe^Tfc^ 

<D^5 Ix— * £ UTO A V -f >"r v *X 7 r -ffrftlcfe 
[0 13 0] 

a— jfT;W7vH, 0 2 0lZ7jk-?Z>T>yys 5 0 1 (Cfe 
t^T, />— F#jS©-rVWXy'— K*— (HDNK) 4 
12*:»BLTs A-KSKOEKB (H) 4 1 1 <D« 
§ffll*lt7t, EKB (H) 4 1 IfrZ. /n-F^JS 
*r-=fy 7 'J - 1 ^JS LTS£?n« ;W h K r o 
of %UftS„ DNK^JSfflLfcE KB©», 
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[0 13 1] 

Xf'vT'S 5 0 2tC*5^Ts EKB (H) 
t)ffiUfc;P— h^-K r o o t ' Srfflt^T, If— af 
— 5 4 0 1 rtOBf^ffcx-^E (Kroot' , SDN 
K) CD&^&SfcHfrU lfXjtfjSEKB [EKB 

(S) ] ©«H! (BHt) tl(i«f/WX/-F*- 

(SDNK) 4«»t8. 

[0 13 2] 

Xfy/S 5 0 3(C43t/^T, t-lfXf-^^?. 
70 5Jt)tHUfcx/WXy — F*— (SDNK) Srffl^T, 

Bg^{tnvr>' > y7 7"r;i'4 o 2flc««snft*- if 

XfcfjCSEKB [EKB (S) ] <D®M («#) fcHfr 
U It-WjWSEKB [EKB (S) ] ftlcfefflZft 

fc-9— e x#j&#-rri y v y—te»*SLTK3e*n*;i/ 

— F+— K r oo t?Hit5. 
[0 13 3] 

^C, Xf7 7'S 5 0 4lC^T, -9"— If XfcfiSE K B 
[EKB (S) ] *>£>SX9iUL;te;l/— b$— K root 
^rfflV^T, Bf^ffcnVx^y^r'OW 0 2F l 3fc:t&*fi£ 
20 nfcB^ffc-r-* E (Kroot, CID+Kc) ©^ 
■^B131**ff U a^^y ID (C I D) t. 3>"r 

vy^— (Kc) ^mn-r^o 

[0 13 4] 

^{c s xf'yT's 5 o 5tc£>i^T, mmt^>f->^y 

r-C;V4 0 2*»6Bi D tfiLfcnVr^y ID (C I D) 

7-y-fS 5.0 &\z$5^T, Bt-^{trj>7 i V > y7r-i';V4 
50 0 2^5»lSft)tilL/c3>'7 : ->'^^- (Kc) ^JlfflL 

ftnVf^E (Kc, Content)%g§LT3 

[0 13 5] 

x. t icttfc l t^s? nfc #x rf y y -tc^jcsf ^ e 

KB tLT©A- F*fJSE KB [EKB (H) ] fc, 3 

> f- > v W ffl 9- - if x {c »JS L T Kjg S tx rc ti 7- =t y \y 
y-tcWjSf SEKBtLTCDt- IfX^jSEKB [E 
40 KB (S) ] 9UC*frbTif{&U 
^n^ntD E K B fcfcf-f SIESftD N K*tt«a- J tf 

exof ijffl*^* ^ c i: tfRjfigi: ft i» . 
[0 13 6] 

■9— IfXfcftSEKB [EKB (S) ] SfctfXD 
D N Ks -rfttD^SDNKti. 3Vf V^tJfJSLfct 

-trxx-^4 o i tvTmQmmv$>*), s^sdn 

y — tC»JSbT»«?n*;b— h^r — K root' «S 
50 fflLTHSreffcLfcfllJSfcLfcO'Z?* IE^ftHDNK^# 
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[0 13 7] 

-Ol/4 0 2A>€»^^n5 3y-rV^HSgiJ? (C 1 D) 

t. vmmmmfr t>i&m-z nzc i Dt<D-v^>^*& 
tie i DiitlWiT^icfcffayfyfUS?' 

[0 1 3 8] 

2 1 <D->— ^>X0^r#^UTlfiB^-rSo 
[0 1 39] 

VVMyr'^fAf (01 9#58) ^»LTi'7l'7Vh 

-T^Wco^T. 02 i*«ILTlM8t«. 
[0 14 0] 

Ae»bT*ff (xf»7 (3D) -T3o £ 

-yiD (C I D) tJ;t)3Vfy7%StLT3>fV 

So 30 
[0 14 1] 

^^I'TVhfcWbTSSfll (3 2) ) "T^o 

isvicM-rzng.imznft (xf-yy (3 3) ) u 
its. co«yi«ra«bTiifff *cfc»cj:»)^hy 

[0 14 2] 

TRfltS. Xry^S 7 0 1 fc43V>T> ?7^7V h 
77'J S/ 3 >«v 3 yfV'yt-^ib^Sl Lfett 

[0 14 3] 

^texx^^s 7 o 2{cfev>r. trxi d 

fc:#f8rr37 s 7*;l'hfO®IMWB (Default U 
sage Right) (01 7 (b) #i) 

^tanutm, ^-exx-* (017 (a) #«o 50 
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[0 14 4] 

ny-ryyKWcfci^-ai, T^^l/hfUfflffiW^S (D 
efault Usage Right) S d 

«*fLTl^ftV>»dtt, X-f ^^S 7 0 5(Cii^ 

[0 14 5] 

x7*;l/hf!l/Blt1t?B (Default Usage 
Right) iWSttJn"C^5i»tt, Xt'y7S7 0 
3tcfe^T, f f 7*;l/h5RIffl*1lWB**KU f!Jffl«tit 

IfKWl^^^XO^Vf-^ycSSffiflFBj, feS^HiK 
[0 14 6] 

^(CXf'^S 7 0 4(c43V^Ts 7*7*;l/h?!Jffl«Htffi 
(Default Usage Right) cDffJffl^ 

ftici^^tnyfyytfss^nso &*3. 

Mi£€>019s 02 0Sr#B8L,Tiai!§L/c:<fcdlc, 

ravfwu-— /^^ssg-r^Bg^ftn^xvyo^ 

[0 14 7] 

#33, 3yfy7©»A»I?:fft%^iSlJaatcte^ 
Tt, 0 2 0^r#^LTSJBJbfc^A3>'x>' v yOll^ 

k n«i s e k b ftui»car5 < ^'-rowaste iot^y 

l& n Vx^y*OT«S§i: LT©a- K-7x7fc:*fJEL 

TKatstifcAT- dry y y — twjs-r* e k b t lt© 

A-FmEKB [EKB (H) ] t. nyfy^Jl 

•9— ex te#js l tss? nfc* t- rf y *y y 

SEKBkLTCD-9— ex^JSEKB [EKB (S) ] 

tcft-f sies&d n k %#-rs^.— ^©^n yfyy 

[0 14 8] 

_k&Lfc«fc$fc, *7^7ybti, ^T-feVX+f— 

mrz&mimvmcTytfrbmRimmm (d e f a 

ult Usage Right) W#U ^yfy 

ffltllffltl^^a Vx^yW^RlHli: Lfc#M-p 
&3CDT% 3— »f«. nvxVyoKA^HfT-rsci: 
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[0 14 9] 

<Dm^htct>\ w& : f-z l £5 z 7 4T^\~<Dmmkw 

toftlftU S£BffC, f*7*;l/hf!JJS!|iflBH (D e f a 
ult Usage Right) ©W&fc^LT, 

[0 1 5 0] 

[7. ?7v7/V Xh7W 

* 7 7 V h A L fc 3 >"r V V £ fc 14 3 yf V 

[0 15 1] 

'J7h7illtt, *7^7VK03^W*A^ & 
*Wi»A«©*tt£i: LT*ff Vr-WWfli;© 

[0 15 2] 
[0 15 3] 

H2 3JMT«r<WSUTs ^y*7»^/'JXh7»iO 
|fflfr3^T8fflt«, 02 3tt, ^7^7Vh7^J 

fc. -7a ^7lt— /V nyfvy*-^ ^-Y-trvx+J- 

[0 15 4] 

T, !E«fc3VxVVBIA*fT&ofct><Dfc*-*o 0 2 
[0 15 5] 

tL.TVVXhTW&MM&yT'fJl' [restore, 
d a t] *$L®. (5 0) ) TSo 'J^h7» 

^77-f;l/ [restore, dat] <D»1 
2 4 tc^f o 
[0 15 6] 

02 4fCjjVf«fcdfc:, U 7. h7*!lSP^7r-f ;V [re 
store, dat] It E K BEi'> U -{C43tt^> * 
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(hash) MZltM AC (Message Au 
thentication Code) * -> ?>&3&liE'r 
-*lc&-3Tffil£-Ztl% 0 ^7^7>h7/V^->3 

aMAc%gfUu u— 7 1 DfcsaEffl'f— 

UX YTymmi&yT^fr [restore, dat] 

10 [0 15 7] 

* y -fe— iSWMM^r (MAC:Message aut 
hentication C o d e ) 7 s — £©SfeSS 

#fflSlllJ««:fflV^MACI<ffi«ffil*H2 5fc^"To 0 
2 5<0«jSfC^-TJ:-5^*t«:S^y-fe— 7^8^W 

K M2, • • MNi:^) > S-f, «J»MI (I n 

1 t i a 1 Value (fiCK I V£f 3) ) fcM 1 

fcSMftftWiarr* I l i:-Ti») . Xic 

20 I l^D E S WHtffcWfc xn, St CWTs K 1 fc-T*) 
*JlVvr;«H£{frr* (fcH7j£:E 1 t-r *) o «ttT. E 
l33=fctfM2£Pffll$l§llft!U ?©ffiA12^DES 
WH§ffc»'\A*U *K l*ffl^Tflre{tr* (tH^E 
2) o cn***)5iU iTO^-yt-^L 

rm^itmm^mto wmmx^rc e n*v ? 

KIE8F# (MAC (Message Authenti 
cation Code)) <t&-5 0 
[0 15 8] 

MACttte, f<D£^f-^^I^nsi:, 
50 fitted 0, ^I^Of-? (*vfe— -7) \zm~3^T 

[0 15 9] 

02 3©V- T-^XfCMOSJB^^M^^o ^v-r7>h 
tt. 7^'>-tf^LT*a>'X'rAOffi«-rS';xh7 
^-7£7?-trX Ux-y7 (5 1)) U WS^Xt^ 
i»tt, ';xb7^-7%^^-Y7Vh07^7+ffcSi^ 

Uf7 7 (5 2) ) t5o fi-yXfAOi/Tt^'J 
40 Xr-7^-7tt s V7 h7SaSS^7r-l';V [rest 
ore. dat] OTf^a- F®l*llfTf S«flg* 

[0 16 0] 

7fC*5^T, >5'f7>h7y , ;y-5'3yoS)«tft 
l J7h7»lSS7r'l')l' [restore, dat] 
%77/n-Kti. 'JXb7j!!lil*77-l';l' [re 
store, dat] tt, 82 4*#iSUKWLftJ: 

s e k b E«y y * * 7 > h mmr- 

50 $ h LTO'J ~~7 I D $|*.iifM AC (Messag 
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e Authentication Code) frW 
Z/syi/a. (hash) ffitC£oT#ifi5c2m3c, 
[0 16 1] 

flVXfiti V7sYTimm&77'(fr [rest 
ore. d a t] ttgrntZt, 9 ? 4 T Z/ Y hOM* 

2 > ®&m*m^T, v—y i Dfcjws^^^att^w 

fT&(,\ S«?*-*©=WfiE (Xf7^ (5 4)) £ff& 
jl/fc^-fTVhteiiMi (Xfy/ (5 5) ) "T^o j@ 

mm<D7 7<>{ frmtiuz&o* 

[0 16 2] 

i^aVtciS^n Uf7^ (5 6)). fi»77'f;VO 

afyT - (5 7) ) -r* 0 

[0 16 3] 20 
>^?7>y7/UXh7fflg©iffl3**£fcbT«:, V— 

[0 16 4] 
[0 1 6 5] 

*<*z/7si]—'vcmm Uff7 (6D) -r^o c<d 

. (e:-&*n« h?W9i'a>I D (T I D) tft$n 

o 

[0 16 6] . 4° 

3 >ID (T I D) K*3^T\ /W^777/Wb 

xxAjc^fbT-y— ex^M-r-*. -rab%-9— trx 

(Xfy7 (6 2) ) SrfrftSo fl^XfAB, HC 

(6 3) ) -r^o cna. ;^j'7»^/ , J^h7«H 50 
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<Q$&iilB]&<D±l! (^Jxtf 3 0) 5rK^U ±RS3:@x 
[01 6 7] 

X-VT" (6 4) ) f^o unit, /^^777/V7h 
[0 16 8] 

■9— exvMT*- * fij bfc ^ -r -t vxt- 

/^^7y7/UXh7W-^7-^<D^7 
^7>hfc*frs«fr«UI*fSfT Ufy7 (6 5)) 
*-*„ 17— «\ 5fe(C01 7 (a) *#*?LT 
BMBUfei^fc, D"-exf- *3 7 Oteli* EKBiB 

«y u -Kis^xmfeznz * ^7 s v fcw\m<v v - 

7 I D, -tf— exiS&J^t: LT<Dt-liX I D. £5>lC 
(DNK) h*— (K r o o 

t) T'Bg^CLfcT 1 -^. E (Kroot, DNK) 

[0 16 9] 

£5tc. coffiamc x7*;l/h¥<Jfflffi1f^ (Si 7 
(b) #«D fc^HrVXIt— '^T'VhfcS* 

asm., iAnvfy^ofijffl^ft^^t, 
y©aiAte»jSLT«fTSn*t>©T»fc**V -r7*;V 

m$ag<D is© Jffl*«^s t u Tiiffl * n s 0 

[0 17 0] 

-y^777ItLT, IBIt^gtlcfttt (X7-;7 (6 
6) ) t5c 
[0 17 1] 

>; x h 7«yifcov>TWwrSo ^ >fyyo^7 * 7 

-y7/UXh7ffla*fr©«^, *^-f7> h 77'J 7\ 

-v-a >ti> ayf yy^ya- pwtavf 

■9— /^cML-TUtT (7f77 (7 1)) f*o en 
lis fttc^^^htfSIALfcnz/f-^y tll-T*& 

*o ^7^7yh77^->3y^ ^yfyyiD 
(c I D) tcfctJn^xV^y^rJtSLT^yx^y^ 
yn- KS**n yx> > y-9--/<:(c^bT^T-r^o 

[0 17 2] 

«-r«ts c i Dicttfo-rz^vT-yyffiftzt^JT 

yhic&m (xf77" (7 2) ) t*. tOayTyy 
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7 (c) ^mmLrmmLrz^vic^ avy-w*— : 

K cT'Bg#ffc$nfc3Vf-^y-r-^ : En c (Kc, 
Content). UZ/y-zyy^— : K c*£)V— 
- : K r o o t T-Bf^fffcbfcx— £ : E n c (K r o o 
t, Kc), : : K r o o t«Wlt 

i>/c46cD EKB V £&tett*77^7*— It-lfXI 

[0 17 3] 

>y»C»*Si-*5pJfflai1lWB (Usage Right) 

(7 3) ) T3o c©g:£fctt. es&7:r-f;l/ (01 5 
*SH) (fte-&Sn«f«Jffl«lfll «B I D (UID)v 
7 V HSJf-ii i UTOy-7 I Ds h^V-tf^v-a 

y\ d (t i d) mn5. 

[0 17 4] 

-feyXtf- /<tt, NUMMI (Usage Rig 

ht) <Dmm&n*&m?zt. mm^^i^icMh 
t> axBH^jaa Uf'^ (74)) ^n^. z<o 
mmat. mmwimi d (u 1 d) , b9>viri'a 

VI D (T I D) mft5. ffi£!I**»BLfcWl 
ttA!HAJS»i:bT, fJffl«1f «H I D (U I 

d) fcWflrrifijffl^fcfftwgbftisaFflMit^-f-fev 

X-9— /tfi&MI (Xf-y^ (7 5) ) -T*. 
[0 17 5] 

m^^m&^rmmmmm (u s a g e r i g h 

t) %4^LT, *^7>Mc*fLT?ffgtT (Xfy 
7(76)) f3 0 &*3, 3^T->y3pJffl*ftfcH:. 3 
V7->*.y©W£@fk IRES. 

[0 17 6] 

fiJffl*1»$S (U s a g e R i gh t) *§®Lfc*^ 

tm^m^vtrv 7-7-* t itws. 

[0 17 7] 

XD— M^fgfr-T * WWtil ^tis IBUlfca >7>y«f 

777"/'jxh 79nmm<ommmmn*m&&fi bx t, 

[0 17 8] 

[8. u 3 ^ > k 7 r i 5 3 >f oriAia 
«] 



(20) «pH 2 0 0 4 - 5 4 7 4 4 

IE&tC3>xVy£8iAL*:*^-'f7>h*\ M 
An >f >V ^rffiO * 9 W 7 > h fcSMKf 5 v»*>«>* 3 

yfijfflflift^r-rsct^ftfcbTav^vysfUffl*^ 
©ft #<dsm^h^ b rd&mc-o^rwtm-r z . 

[0 17 9] 

;o MSbfeidfc. 3>x>y£?f£?iJffl-r5*^7> 

X7-*fc, 3>-r>^te»J6^*fU«*flWB«5Ml|-r 
[0 18 0] 

h«©fflflM«*^b?ti3BMI««««tefften?tfc 

^Sfct^felffljBttSS^bav^o bfrU -7a. =i> 
f>ytt ^=§17-*. @#7-*, 7ny 7 Aft« 

fe^bjb-'fe'Srl/^ 
JO [0 18 1] 

«TT*ti, "T T-tciE^^: nyfy^ ;&S8A b * T 

> h vum? snyfyy *fls© * 5 -r 7 > h tc*s«. 
■*-*fe-5r3HE«*l*?Tb, rSEftisnyfyy 

■feVXl&$g*^-t::/X-9— /<*»6SMW*c2:-t?, n 

yfy^t- m<d * ^-r 7 > h 3 3 yfyyiif 

[0 18 2] 

02 SfcaVxVyfciESiteSlilbfc^^^hflMft 

*»3i*jw«rKiSbfe7D-*^-r 0 fao^^-r 

7> h tc««-r ^ 3 ^-r^y ^trf-* 7 r -f U 
3^yK7r^l/t^. ')3^yK7ri';K:^ Bf 
■^■ft?nf::3>'x>' > y^r-&tf3>7-v^7r-i';b. fe<t 
d'^^jS ctfonyfyy <om& 7yf;i> (MX if 
HTML7r-Y;i/) iC^Sns. 

[0 18 3] 

02 8©ffil7D- tC-S>V^TSJB^-T§ 0 @2 80MI1% 
50 ^HfTb. lEate^T^yfcJBAbfc^i^VK 
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j|lW^7Vhf$5 0 H2 8©*WI*i, ^-fT* 

->3>1 2) Olo<D^fya^Ai;LT^7-r7> 
h^XxAi: LTora^3§£«0$yffl!^& (CPU 
9) te£*iM»©"FfcfSfTSn*o *7-v7 , S8 0 l (c 
isi^T, ^^yhtt, I30*7'f7>'h8l0f 
w x 7 U-f tcU n * y K 7 r -< MEfiStBBfcS^f S o 
[0 18 4] 10 

7>h IE»Efl?f A U S£RJtg*3:3i V7'JXb6 5 
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(57) To provide an apparatus and method for realiz- 
ing an improved content preview process in a content 
using mechanism based on content usage-right infor- 
mation. A client obtains default usage-right information 
(Default Usage Right) when it is registered to a license 
server, and determines, based on the default usage- 



right information, whether or not the content can be 
played back in a content preview process without pur- 
chasing the content. The client which is permitted to pre- 
view the content is limited to a client which has been 
registered to the license server to obtain the default us- 
age-right information. This prevents preview-data from 
being randomly distributed. 
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Description 

Technical Field 

[0001 ] The present invention relates to an information 
processing apparatus, an information processing meth- 
od, and a computer program. In particular, the present 
invention relates to an information processing appara- 
tus, an information processing method, and a computer 
program which realize content usage-right checking 
when content is used, such as when content is played 
back, and which allow for audio and visual preview of 
the content so as to provide users with flexible content 
use experiences. 

Background Art 

[0002] Recently, distribution of various software data, 
such as music data, game programs, image data (such 
data is hereinafter referred to as content), via networks, 
such as the Internet, or distributable storage media, 
such as memory cards.. HDs, DVDs, and CDs, has be- 
come popular. The distributed content is played back 
once it is stored in an internal storage unit, e.g., an HD, 
of a user's PC (Personal Computer), recording/playback 
device, playback-only device, or game devices, a card- 
type storage device having a flash memory, a CD, a 
DVD, etc. 

[0003] An information device, such as a recording/ 
playback device, a game device, and a PC, has an in- 
terface through which content is received over a network 
or an interface through which the device accesses a 
memory card, an HD, a DVD, a CD, etc., a controller 
necessary for playback of the content, a RAM used as 
a memory area for a program and data, a ROM, and so 
on. 

[0004] Various content, such as music data, image 
data, or a program, is invoked by a user instruction from 
an information device itself, such as a recording/play- 
back device used as a playback device, a game device, 
or a PC, or a user instruction using a connected input 
unit so as to be retrieved from, for example, a built-in or 
removable storage medium. The content is played back 
by the information device or via a display, speaker, etc., 
connected thereto. 

[0005] In general, authors or sellers of many types of 
software content, such as game programs, music data, 
and image data, hold the distribution rights thereof or 
the like. In distributing the content, therefore, security 
measures are usually taken against unauthorized dupli- 
cation by providing certain usage limitations, that is, by 
permitting only the authorized user to use the software. 
[0006] A mechanism in which content and a usage 
right for using the content are managed independently 
and are offered to a user has been proposed. In this 
mechanism, for example, the user must obtain encrypt- 
ed content and purchase usage-right data thereof to ob- 
tain a key (content key) for decoding the encrypted con- 



tent based on key data orthe like, which can be obtained 
from the usage-right data, in order to use the content. 
[0007] The usage-right data contains setting informa- 
tion indicating the manner that the user can usethecon- 
5 tent, so that the user can use the content within the 
range permitted by the permission information. Such a 
system has been proposed. 

Disclosure of Invention 

10 

[0008] Accordingly, in the system in which content 
and a content usage right are independently managed 
and are offered to users, the usage-right data must be 
checked when the content is used, for example, when 
15 music data or image data is played back, distributed, or 
downloaded. 

[0009] In this mechanism, if it is determined that a us- 
er is not authorized to use the content as a result of the 
usage-right checking, the content cannot be played 
20 back, distributed, or downloaded. 

[0010] However, actually, there exists a demand for 
audio or visual preview of a portion of the content, before 
the content is purchased, in order to demonstrate the 
content before purchasing. In such a case, because it 
25 j s determined in a standard content usage-right check- 
ing process that the usage right is absent, playback or 
the like of the content will be rejected. 
[0011] In order to overcome such a drawback, it is 
conceivable that free sample data, which does not con- 
so sider usage rights, is distributed to users. However 
most content has copyright and distribution rights main- 
tained by its author and distributor, respectively, and 
therefore it is undesirable that the content, even a por- 
tion of the content, be randomly distributed and be cop- 
35 jed from one user to another without authorization. 
[0012] The present invention has been made in view 
of such a background. It is an object of the present in- 
vention to provide an information processing apparatus, 
an information processing method, and a computer pro- 
40 gram which allow a user who purchases authorized con- 
tent to use the authorized content based on usage rights 
and to audibly or visually preview the content without 
purchasing the content. 

[0013] It is another object of the present invention to 
45 provide an information processing apparatus, an infor- 
mation processing method, and a computer program 
which can prevent random secondary distribution of au- 
dio or visual preview-data. 

[0014] In a first aspect, the present invention provides 
50 an information processing apparatus for controlling de- 
coding and using of encrypted content, the information 
processing apparatus including: 

control means for controlling content use based on 
55 usage-right information corresponding to the con- 
tent according to an instruction to use the content; 
and 

recording means for recording default usage-right 
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information, the default usage-right information be- 
ing recorded in manufacturing or being obtained at 
a service registration time, 

wherein the control means permits the content to 
be decoded and used based on the description of the 
default usage-right information when the content in- 
cludes information indicating association with the de- 
fault usage-right information. 

[0015] In an embodiment of the information process- 
ing apparatus of the present invention, the content 
which is permitted for use based on the default usage- 
right information is provided for the purpose of sampling, 
and the control means determines whether or not the 
content includes a flag indicating sample content, and 
permits playback of the content according to a determi- 
nation result. 

[0016] in another embodiment of the information 
processing apparatus of the present invention, the in- 
formation processing apparatus further includes send- 
ing means for sending a service registration request, 
and receiving means for receiving the default usage- 
right information sent from a license server in response 
to the registration request. 

[0017] In another embodiment of the information 
processing apparatus of the present invention, the re- 
ceiving means further receives key information neces- 
sary for decoding the content. 

[0018] In a second aspect, the present invention pro- 
vides an information processing apparatus for issuing a 
usage right having usage rules of encrypted content, the 
information processing apparatus including: 

receiving means for receiving a registration re- 
quest; and 

sending means for sending key information and de- 
fault usage-right information in response to the reg- 
istration request, the key information being neces- 
sary for decoding the encrypted content. 

[0019] In an embodiment of the information process- 
ing apparatus of the present invention, the content 
which is permitted for use based on the default usage- 
right information is provided for the purpose of sampling, 
and the default usage-right information includes a de- 
scription indicating that playback of the content is per- 
mitted when the content includes a flag indicating sam- 
ple content. 

[0020] In a third aspect, the present invention pro- 
vides an information processing method for controlling 
decoding and using of encrypted content, the informa- 
tion processing method including a control step of con- 
trolling content use based on usage-right information 
corresponding to the content according to an instruction 
to use the content, 

wherein the control step includes: 

a step of determining whether or not the content in- 



cludes information indicating association with de- 
fault usage-right information recorded in manufac- 
turing or default usage-right information obtained at 
a service registration time; and 
5 a step of permitting the content to be decoded and 
used based on the description of the default usage- 
right information when the content includes the in- 
formation indicating association with the default us- 
age-right information. 

w 

[0021] In an embodiment of the information process- 
ing method of the present invention, the content which 
is permitted for use based on the default usage-right in- 
formation is provided for the purpose of sampling, and 

is the control step further includes a step of determining 
whether or not the content includes a flag indicating 
sample content, and permitting playback of the content 
according to a determination result. 
[0022] In another embodiment of the information 

20 processing method of the present invention, the infor- 
mation processing method further includes a sending 
step of sending a service registration request, and a re- 
ceiving step of receiving the default usage-right infor- 
mation sent from a license server in response to the reg- 

25 istration request. 

[0023] In another embodiment of the information 
processing method of the present invention, the infor- 
mation processing method further includes a step of re- 
ceiving key information necessary for decoding the con- 

30 tent. 

[0024] In a fourth aspect, the present invention pro- 
vides an information processing method for issuing a us- 
age right having usage rules of encrypted content, the 
information processing method including: 

35 

a receiving step of receiving a registration request; 
and 

a sending step of sending key information and de- 
fault usage-right information in response to the reg- 
40 istration request, the key information being neces- 
sary for decoding the encrypted content. 

[0025] In an embodiment of the information process- 
ing method of the present invention, the content which 

45 j s permitted for use based on the default usage-right in- 
formation is provided for the purpose of sampling, and 
the default usage-right information includes a descrip- 
tion indicating that playback of the content is permitted 
when the content includes a flag indicating sample con- 

50 tent. 

[0026] In a fifth aspect, the present invention provides 
a computer program for performing an information proc- 
ess for controlling decoding and using of encrypted con- 
tent, the computer program including a control step of 
55 controlling content use based on usage-right informa- 
tion corresponding to the content according to an in- 
struction to use the content, 

wherein the control step includes: 



3 



EP 1 524 604 A1 



5 

a step of determining whether or not the content in- 
cludes information indicating association with de- 
fault usage-right information recorded in manufac- 
turing or default usage-right information obtained at 
a service registration time; and 
a step of permitting the content to be decoded and 
used based on the description of the default usage- 
right information when the content includes the in- 
formation indicating association with the default us- 
age-right information. 

[0027] In an embodiment of the computer program of 
the present invention, the content which is permitted for 
use based on the default usage-right information is pro- 
vide for the purpose of sampling, and the control step 
further includes a step of determining whether or not the 
content includes a flag indicating sample content, and 
permitting playback of the content according to a deter- 
mination result 

[0028] In another embodiment of the computer pro- 
gram of the present invention, the computer program 
further includes a sending step of sending a service reg- 
istration request, and a receiving step of receiving the 
default usage-right information sent from a license serv- 
er in response to the registration request. 
[0029] In another embodiment of the computer pro- 
gram of the present invention, the computer program 
further includes a step of receiving key information nec- 
essary for decoding the content. 
[0030] In a sixth aspect, the present invention pro- 
vides a computer program for performing an information 
process for issuing a usage right having usage rules of 
encrypted content, the computer program including: 

a receiving step of receiving a registration request; 
a sending step of sending key information and de- 
fault usage-right information in response to the reg- 
istration request, the key information being neces- 
sary for decoding the encrypted content. 

[0031] In an embodiment of the computer program of 
the present invention, the content which is permitted for 
use based on the default usage-right information is pro- 
vided for the purpose of sampling, and the default us- 
age-right information includes a description indicating 
that playback of the content is permitted when the con- 
tent includes a flag indicating sample content. 
[0032] In a seventh aspect, the present invention pro- 
vides a content usage management system including a 
content using apparatus for decoding and using en- 
crypted content, and a usage-right issuing apparatus for 
issuing a usage right having usage rules of the encrypt- 
ed content, wherein the content using apparatus in- 
cludes: 

sending means for sending a service registration re- 
quest; and 

receiving means for receiving default usage-right 



information sent from a license server in response 
to the registration request, and 
the usage-right issuing apparatus includes: 
receiving means for receiving the registration re- 
5 quest; and 

sending means for sending key information and the 
default usage-right information in response to the 
registration request, the key information being nec- 
essary for decoding the encrypted content. 

w 

[0033] In an eighth aspect, the present invention pro- 
vides a content usage managing method for a content 
usage management system including a content using 
apparatus for decoding and using encrypted content, 
15 and a usage-right issuing apparatus for issuing a usage 
right having usage rules of the encrypted content, the 
content usage managing method including: 

a registration-request sending step of sending a 
20 service registration request from the content using 
apparatus to the usage-right issuing apparatus; 
a data sending step of, in the usage-right issuing 
apparatus, receiving the registration request and 
sending key information and default usage-right in- 
25 formation in response to the registration request, 
the key information being necessary for decoding 
the encrypted content; and 
a receiving step of, in the content using apparatus, 
receiving the default usage-right information. 

30 

[0034] According to the structure of the present inven- 
tion, a client obtains default usage-right information (De- 
fault Usage Right) when it is registered to a license serv- 
er, and is permitted to play back the content based on 
35 the default usage-right information in a content preview 
process without purchasing the content. Therefore, the 
user is able to preview and play back the content without 
purchasing the content. The client which is permitted to 
preview the content is limited to a client which has been 
40 registered to the license server to obtain the default us- 
age-right information. This prevents preview-data from 
being randomly distributed. 

[0035] According to the structure of the present inven- 
tion, furthermore, also in the content preview process 

45 without purchasing the content, only the user having au- 
thorized DNKs for a hardware EKB [EKB(H)] serving as 
an EKB corresponding to a category tree established for 
hardware devices, which are content-using devices, 
and a service EKB [EKB(S)] serving as an EKB corre- 

50 sponding to a category tree established for content-us- 
ing services can play back the content and preview the 
content with limited playback control. 
[0036] The computer program of the present inven- 
tion is a computer program which can be offered in the 

55 computer-readable form to, for example, a general-pur- 
pose computer system capable of executing various 
program code by means of storage media or communi- 
cation media, for example, storage media such as CDs, 
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FDs, and MOs, or communication media such as a net- 
work. Such a computer-readable program is offered, so 
that the process according to the program can be per- 
formed on a computer system. 
[0037] Other objects, features, and advantages of the 
present invention will become apparent from the follow- 
ing detailed description of an embodiment of the present 
invention taken in conjunction with the appended draw- 
ings. As used herein, the term system is a logical set of 
a plurality of apparatuses, and these apparatuses are 
not necessarily housed in the same case. 

Brief Description of the Drawings 

[0038] 

Fig. 1 is a schematic diagram showing the overview 
of a content providing system according to the 
present invention. 

Fig. 2 is a diagram showing an example structure 
of each of a client, servers, and a management sys- 
tem. 

Fig. 3 is a tree structural view showing a process 
for encrypting various keys and data and a process 
for delivering the encrypted keys and data. 
Fig. 4 is an illustration of an example enabling key 
block (EKB) used for delivery of the various keys 
and data. 

Fig. 5 is an illustration of an example delivery and 
decoding process of a content key using an ena- 
bling key block (EKB). 

Fig. 6 is a view showing an example format of an 
enabling key block (EKB). 

Fig. 7 is an illustration of the tag structure of the en- 
abling key block (EKB). 

Fig. 8 is an illustration of category division in the tree 
structure. 

Fig. 9 is an illustration of category division in the tree 
structure. 

Fig. 1 0 is an illustration of a specific example of cat- 
egory-based division in the tree structure. 
Fig. 11 is a chart showing a sequence (part 1) of 
operation steps performed between entities in a 
content purchase or preview process. 
Fig. 12 is a flow diagram showing a procedure for 
generating and issuing a transaction ID performed 
in a management system. 

Fig. 13 is a chart showing a sequence (part 2) of 
operation steps performed between the entities in 
the content purchase or preview process. 
Fig. 14 is a flow diagram showing a download per- 
mission procedure performed in the management 
system. 

Fig. 15 is a view showing an example data structure 
of a start-up file. 

Fig. 16 is a flow diagram showing an application ex- 
ecuting procedure based on the start-up file per- 
formed by a client. 



Fig. 1 7 is a view showing an example data structure 
of service data and usage-right information. 
Fig. 18 is a chart showing a sequence of operation 
steps performed between the entities in the content 
5 purchase process. 

Fig. 1 9 is a diagram showing the overview of a con- 
tent playback process. 

Fig. 20 is a diagram showing an example process 
for decoding and using content using an enabling 
w key block (EKB). 

Fig. 21 is a chart showing a sequence of operation 
steps performed between the entities in the content 
preview process. 

Fig. 22 is a flowchart showing the overview of a pre- 

15 view-content playback process. 

Fig. 23 is a chart showing a sequence (part 1 ) of 
operation steps performed between entities in a li- 
cense or content backup/restoration process. 
Fig. 24 is a view showing an example structure of a 

20 restoration request file [restore.dat]. 

Fig. 25 is a view showing a MAC generation mech- 
anism. 

Fig. 26 is a chart showing a sequence (part 2) of 
operation steps performed between the entities in 

25 the license or content backup/restoration process. 

Fig. 27 is a chart showing a sequence (part 3) of 
operation steps performed between the entities in 
the license or content backup/restoration process. 
Fig. 28 is a flowchart showing a recommendation 

so file generation process. 

Fig. 29 is an illustration of a recommendation file 
generation view. 

Fig. 30 is a view showing an example structure of a 
recommendation file. 
35 Fig. 31 is a view showing an example structure of a 
content file contained in the recommendation file. 
Fig. 32 is a view showing a display example of a 
content description file contained in the recommen- 
dation file. 

40 Fig. 33 is a flowchart (part 1 ) for a license informa- 
tion obtaining process of a client which has received 
the recommendation file. 

Fig. 34 is a flowchart (part 2) for the license infor- 
mation obtaining process of the client which has re- 
45 ceived the recommendation file. 

Best Mode for Carrying Out the Invention 

[0039] The structure of the present invention is de- 
50 scribed in detail hereinbelow. The description is made 
in the context of items listed below: 

1 . Content Providing System Overview 

2. Regarding Tree Structure as Key Distribution 
55 Mechanism 

3. EKB-based Key Distribution 

4. EKB Format 

5. Category Classification of Tree 
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6. Content Purchase and Preview Process 

7. Backup/Restoration Process 

8. Secondary Distribution of Content Based on Rec- 
ommendation File 

[1. Content Providing System Overview] 

[0040] Fig. 1 is a diagram showing the overview of a 
content providing system in accordance with the present 
invention. A client 1 0 which uses content is an informa- 
tion processing apparatus serving as a device capable 
of using, or playing back, the content, such as a PC or 
a PDA. The client 10 has a browser 11 and a client ap- 
plication 12, which are implemented in software, and a 
controller, such as a CPU, executes programs of the 
browser 11, the client application 12, and the like. 
[0041] The client application 12 is an application for 
performing a content purchase and preview process on 
the client, a process for obtaining license information in- 
cluding service data and content usage-right informa- 
tion, as described below : a backup/restoration process 
of content and license information, a content usage-right 
checking process, a content playback management 
process, a process for generating a recommendation 
file serving as a content file for secondary distribution, 
and so on. The client application 12 is stored as a 
processing program in the client information processing 
apparatus, as described in detail below. As used herein, 
"preview" includes not only audible preview of audio da- 
ta but also visual preview of image data. 
[0042] The client 1 0 is connected to a shop server 21 , 
a license server 22, and a content server 23 via a com- 
munication network, such as the Internet. The content 
server 23 sends content to the client 10. The license 
server 22 sends usage-right information of the content 
to be used by the client to the client 1 0. The shop server 
21 functions as a contact accessed by the client 10 to 
purchase the content. The shop server 21 provides the 
content which can be purchased or previewed via the 
browser, and receives a purchase or preview request 
from the client. The shop server 21 also performs a bill- 
ing operation for the purchased content, if necessary. 
[0043] The shop server 21 and the license server 22 
are also connected with a management system 31 . The 
management system 31 issues a transaction ID (TID) 
serving as permission information in response to a con- 
tent request from the client 1 0 received by the shop serv- 
er 21 , and also issues content download permission in- 
formation. The management system 31 further author- 
izes the license server 22 to issue usage-right data (Us- 
age Right) serving as content usage-right information. 
The details of these processes are described below. 
[0044] The client 1 0 obtains the usage right from the 
license server 22 and the content from the content serv- 
er 23 under the control of the client application 12. The 
client 10 starts the browser 11 under the control of the 
client application 12 to perform a preview and payment 
process for the information provided by the shop server 



21. 

[0045] Although only one client, shop server, license 
server, and content server are shown in Fig. 1 , multiple 
clients, shop servers, license servers, and content serv- 
5 ers are connected across a communication network, 
such as the Internet. Each client is free to access various 
shop servers to select desired items from the content 
provided by the shop servers to obtain the content from 
a content server which stores the selected content. The 
10 client further selects a license server which issues the 
usage right of the obtained content to obtain the usage 
right from the selected license server. 
[0046] The content is sent as encrypted content to the 
client 1 0 from the content server 23. The license server 
15 22 also sends the content usage-right information cor- 
responding to the content to the client 10. The usage- 
right information is verified by the client application 12 
of the client 10, and the encrypted content is decoded 
when it is determined the usage right is present. 
20 [0047] The client 1 0 has key information for allowing 
content use based on the content usage right, that is, 
key data including an enabling key block (EKB), a device 
node key (DNK), and so forth. The enabling key block 
(EKB) and the device node key (DNK) are key data for 
25 obtaining an encryption key necessary for content use, 
which allows only the user device having the authorized 
content usage right to decode and use the encrypted 
content. The EKB and the DNK are described below. 
[0048] The content server 23 encrypts content, and 
30 sends the encrypted content to the client 1 0. The license 
server 22 generates usage-right information (Usage 
Right) based on content usage rules and conditions, and 
sends the generated usage right to a user device 30. 
The license server 22 further generates service data 
35 based on the device node key (DNK) and enabling key 
block (EKB) provided by the management system 31 , 
and sends the generated service data to the client 10. 
The service data includes an enabling key block (EKB) 
having a service device node key (SDNK) necessary for 
40 decoding the encrypted content. 

[0049] The content usage rules include a requirement 
on a limited use period, a limited time the content can 
be copied, a limited number of portable media (PM) 
which can concurrently use the content (this number 
45 corresponds to the number of so-called check-outs), 
and so on. The portable media (PM) are storage media 
for use in portable devices, such as a flash memory, of 
a mini HD, an optical disk, a magneto-optical disk, and 
an MD (Mini Disk). 
so [0050] An example structure of an information 
processing apparatus which can function as each of the 
client 1 0, the shop server 21 , the license server 22, the 
content server 23, and the management system 31 is 
shown in Fig. 2. Each system is realized by storing a 
55 process program corresponding to each operation in a 
system having a CPU, such as a PC or a server. 
[0051] An example structure of each system will be 
described with reference to Fig. 2. A CPU (Central 
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Processing Unit) 101 executes various operations ac- 
cording to various programs stored in a ROM (Read On- 
ly Memory) 102 or a program stored in a storage unit 
108 and loaded to a RAM (Random Access Memory) 
103. A timer 100 performs a dock operation, and sup- 
plies clock information to the CPU 101 . 
[0052] The ROM (Read Only Memory) 102 stores a 
program used by the CPU 101, calculation parameters, 
fixed data, and so on. The RAM (Random Access Mem- 
ory) 1 03 stores a program used for execution of the CPU 
101, parameters which appropriately vary depending 
upon the executed program, and so on. These compo- 
nents are connected with each other via a bus 111 , such 
as a CPU bus. 

[0053] An encryption/decryption unit 1 04 performs a 
content encryption and decryption process, an encryp- 
tion process using, for example, a DES (Data Encryption 
Standard) encryption algorithm, which is applied to a de- 
vice node key (DNK) and an enabling key block (EKB), 
a MAC generation and verification process, etc. The en- 
cryption/decryption unit 104 also performs various en- 
cryption processes, such as authentication for transmis- 
sion and reception of content or license information be- 
tween this device and another device connected there-, 
to, and session key sharing process. 
[0054] A codec unit 105 encodes and decodes data 
using various techniques, such as ATRAC (Adaptive 
Transform Acoustic Coding)-3, MPEG, and JPEG. The 
data to be processed is input via the bus 111 , an input/ 
output interface 112 from a removable storage medium 
121 via a drive 110 or from a communication unit 109. 
The processed data is stored in the removable storage 
medium 121 or is output from the communication unit 
109 according to necessity. 

[0055] An input unit 106, including a keyboard amd a 
mouse, an output unit 107 including a display, such as 
a CRT or an LCD, and a speaker, the storage unit 1 08 
such as a hard disk, the communication unit 1 09 formed 
of a modem, a terminal adapter, etc., are connected with 
the input/output interface 112 so as to transmit and re- 
ceive data over a communication network, such as the 
Internet. 

[2. Regarding Tree Structure as Key Distribution 
Mechanism] 

[0056] A device and key management mechanism us- 
ing a tree, which is one form of broadcast encryption 
scheme which enables only a client having an author- 
ized content usage right to use the content will be de- 
scribed. 

[0057] In Fig. 3, devices numbered 0 to 15 at the bot- 
tom are user devices serving as clients which use the 
content. Leaves of the hierarchical tree structure shown 
in Fig. 3 correspond to devices. 
[0058] Each of the devices 0 to 15 stores a key set 
(device node key (DNK)) formed of keys (node keys) 
assigned to the nodes from the leaf of each device to 



the root in the tree shown in Fig. 3 and a leaf key of each 
leaf in its memory when or after each device is manu- 
factured or shipped. In Fig. 3, K0000 to K1111 at the 
bottom are leaf keys assigned to the devices 0 to 15, 

5 respectively, and keys KR to K1 1 1 from the KR (root key) 
at the top to keys assigned to the nodes in the second 
layer from the bottom are node keys. 
[0059] In the tree structure shown in Fig. 3, for exam- 
ple, the device 0 has a leaf key KOO00, and node keys 

10 K000, K00, K0, and KR. The device 5 has K01 01 , K01 0, 
K01 , K0, and KR. The device 15 has K1111 , K111 , K11 , 
K1 , and KR. In the tree shown in Fig. 3, only 1 6 devices 
0 to 1 5 are shown , and the tree has a symmetrical struc- 
ture with four layers; however, the tree may include more 

is devices and may have a different number of layers in 
different portions of the tree. 

[0060] The devices in the tree structure shown in Fig. 
3 include various types of devices using various record- 
ing media such as a DVD, CD, MD, and flash memory 

20 embedded in the devices or removable from the devic- 
es. A variety of application services can also co-exist. 
Such co-existence of different devices and different ap- 
plications is applied with the hierarchical tree structure 
shown in Fig. 3, which is a content or key distribution 

25 mechanism. 

[0061] In a system in which various devices and ap- 
plications co-exist, for example, the components encir- 
cled with a dotted line shown in Fig. 3, that is, the devices 
0, 1, 2, and 3, are combined into one group using the 

30 same recording medium. For example, the devices be- 
longing to the group encircled with the dotted line are 
collectively subjected to processing, such that common 
content is encrypted and is sent to the devices from a 
provider, a content key shared with the devices is sent 

35 to the devices, or content-fee-payment data is encrypt- 
ed and is output to a provider, a settlement organization, 
or the like. An organization which transmits and receives 
data to and from the devices, such as a content server 
a license server, or a shop server, sends the data to the 

40 portion encircled with the dotted line shown in Fig. 3, or 
a group of the devices 0,1,2, and 3, at the same time. 
The tree shown in Fig. 3 includes a plurality of groups. 
An organization which transmits and receives data to 
and from the devices, such as a content server, a license 

45 server, or a shop server, functions as message-data de- 
livery means. 

[0062] The node keys and the leaf keys may be man- 
aged together by a single management system having 
a key management center function, or may be managed 

so group-by-group by the message-data delivery means, 
such as a provider or settlement organization, which 
transmits and receives various data to and from each 
group. The node keys and the leaf keys are renewed by 
a management system having a key management cent- 

55 erfunction, a provider, a settlement organization, orthe 
like, for example, if the keys are intercepted. 
[0063] In the tree structure, as is apparent from Fig. 
3, each of the three devices 0,1,2, and 3 belonging to 
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the group has a device node key (DNK), i.e., a device 
node key (DNK) containing the shared keys KOO, KO, 
and KR. This node key sharing mechanism allows, for 
example, a common key to be sent to only the devices 
0, 1 , 2, and 3. For example, the shared node key KOO is 
a common key shared by the devices 0, 1 , 2, and 3. Dis- 
tribution of a value Enc(K00, Knew) formed by encrypt- 
ing a new key Knew using the node key KOO to the de- 
vices 0, 1,2, and 3 via a network or by means of a re- 
cording medium having the value allows only the devic- 
es 0, 1, 2, and 3 to use their shared node key KOO to 
decode the encrypted value Enc(K00, Knew) to obtain 
the new key Knew. Enc(Ka, Kb) represents data formed 
by encrypting Kb using Ka. 

[0064] If it is discovered at a certain time t that the 
keys K0011 , K001 , KOO, KO, and KR owned by the de- 
vice 3 have been compromised and revealed by an at- 
tacker (hacker), in order to protect data to be exchanged 
thereafter in the system (a group of the devices 0,1,2, 
and 3), the device 3 must be separated from the system. 
Therefore, it is necessary to renew the node keys K001 , 
K00, KO, and KR to keys K(t)001 , K(t)00, K(t)0, and K(t) 
R, respectively, and to report the renewed keys to the 
devices 0, 1, and 2. As used herein, K(t)aaa represents 
a renewed key at generation t of a key Kaaa. 
[0065] A process for distributing a renewed key will 
now be described. Key renewal is carried out by supply- 
ing a table formed of block data, called an enabling key 
block (EKB) shown in, for example, Fig. 4(A), to the de- 
vices 0, 1 , and 2, for example, over a network or by 
means of a recording medium having the table stored 
therein. The enabling key block (EKB) is formed of en- 
crypted keys for distribution of renewed keys to the de- 
vices corresponding to the leaves of the tree structure 
shown in Fig. 3. The enabling key block (EKB) may be 
referred to as a key renewal block (KRB). 
[0066] The enabling key block (EKB) shown in Fig. 4 
(A) is formed as block data having a data structure which 
can be updated only by the devices whose node key 
must be renewed. The example shown in Fig. 4 indi- 
cates block data formed for the purpose of distributing 
renewed node keys at generation t to the devices 0, 1 , 
and 2 in the tree structure shown in Fig. 3. As is apparent 
from Fig. 3, the device 0 and the device 1 need the re- 
newed node keys K(t)00, K(t)0, and K(t)R, and the de- 
vice 2 needs the renewed node keys K(t)001, K(t)00, K 
(t)0, and K(t)R. 

[0067] As indicated by the EKB shown in Fig. 4(A), 
the EKB includes a plurality of encrypted keys. The en- 
crypted key at the bottom is Enc(K0010, K(t)001), which 
is formed by encrypting the renewed node key K(t)001 
using the leaf key K0010 of the device 2. The device 2 
can use its leaf key to decode the encrypted key to ob- 
tain K(t)001 . The device 2 can further use the K(t)001 
obtained as a result of decoding to decode the encrypt- 
ed key Enc(K(t)001 , K(t)00) in the second row from the 
bottom shown in Fig. 4(A) to obtain the renewed node 
key K(t)00. Likewise, the device 2 can decode the en- 



crypted key Enc(K(t)00, K(t)0) in the second row from 
the top shown in Fig. 4(A) to obtain the renewed node 
key K(t)0, and can decode the encrypted key Enc(K(t) 
0, K(t)R) in the first row from the top shown in Fig. 4(A) 

5 to obtain K(t)R. On the other hand, the devices KO000 
and K0001 whose node key KOOO need not be renewed 
require the renewed node keys K(t)00, K(t)0, and K(t)R. 
The devices K00OO and K0001 decode the encrypted 
key Enc(K000, K(t)00) in the third row from the top 

10 shown in Fig. 4(A) to obtain K(t)00, decode the encrypt- 
ed key Enc(K(t)00, K(t)0) in the second row from the top 
shown in Fig. 4{A) to obtain the renewed node key K(t) 
0, and decode the encrypted key Enc(K(t)0, K(t)R) in 
the first row from the top shown in Fig. 4(A) to obtain K 

15 (t)R. The devices 0, 1, and 2 can therefore obtain the 
renewed key K(t)R. The index shown in Fig. 4(A) repre- 
sents the absolute address of the node key and leaf key 
used as a decoding key. 

[0068] In a case where the renewed node keys K(t)0 

20 and K(t)R in higher layers of the tree structure shown in 
Fig. 3 are not required and only the node key KOO need 
be renewed, an enabling key block (EKB) shown in Fig. 
4(B) can be used to distribute the renewed node key K 
(t)00 to the devices 0, 1 , and 2. 

25 [0069] The EKB shown in Fig. 4(B) is useful for, for 
example, distribution of a new content key shared in a 
particular group. In a specific example, it is assumed 
that the devices 0,1,2, and 3 in a group encircled with 
a dotted line shown in Fig. 3 use a given recording me- 

30 dium and require a new common content key K(t)con. 
In this case, data Enc(K(t), K(t)con) formed by encrypt- 
ing a new common renewed content key K(t)con using 
the renewed K(t)00 of the node key KOO common to the 
devices 0, 1, 2, and 3 is distributed together with the 

35 EKB shown in Fig. 4(B). Therefore, this data can be dis- 
tributed as data which cannot be decoded by a device 
in other groups, such as the device 4. 
[0070] Specifically, the devices 0 ; 1 , and 2 use K(t)00 
obtained by processing the EKB to decode the above- 

40 described encrypted text to obtain a key at the time t, 
for example, the content key K(t)con used to encrypt/ 
decode the content. 

[3. EKB-based Key Distribution] 

45 

[0071] Fig. 5 shows a process for obtaining the key at 
the time t, for example, the content key K(t)con used to 
encrypt/decode the content, showing, for example, the 
processing of the device 0 which receives the data Enc 

so (K(t)00, K(t)con) formed by encrypting the new common 
content key K(t)con using K(t)00, and the EKB shown 
in Fig. 4(B) by means of a recording medium. In this ex- 
ample, the encrypted message data formed of an EKB 
is the content key K(t)con. 

55 [0072] As shown in Fig. 5, the device 0 performs the 
EKB processing, which is similar to that described 
above, using the EKB at the generation t stored in the 
recording medium and the node key KOOO stored in ad- 
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vance by the device 0 to generate the node key K(t)00. 
The device 0 further uses the decoded renewed node 
key K(t)00 to decode the renewed content key K(t)con, 
and encrypts the decoded renewed content key K(t)con 
using the leaf key K0000 owned only by the device 0, 
which is then stored for later use. 

[4. EKB Format] 

[0073] Fig. 6 shows an example format of an enabling 
key block (EKB). A version 201 is an identifier indicating 
the version of the enabling key block (EKB). The version 
has functions of identifying the latest EKB and indicating 
the correspondence with the content. A depth indicates 
the number of layers In the hierarchical tree for the de- 
vices to which the enabling key block (EKB) is distribut- 
ed. A data pointer 203 is a pointer indicating the location 
of a data section in the enabling key block (EKB), and 
a tag pointer 204 and a signature pointer 205 are point- 
ers indicating the location of a tag section and a signa- 
ture, respectively. 

[0074] A data section 206 contains data obtained by, 
for example, encrypting renewed node keys. The data 
section 206 contains, for example, the encrypted keys 
of the renewed node keys, etc., shown in Fig. 5. 
[0075] A tag section 207 includes tags indicating the 
positional relationship between the encrypted node 
keys stored in the data section and the leaf keys. An 
allocation rule for the tags will be described with refer- 
ence to Fig. 7. In Fig. 7, the enabling key block (EKB) 
described above with reference to Fig. 4(A) is sent as 
data, by way of example. This data is indicated by the 
table (b) shown in Fig. 7. The address of the top node 
contained in the encrypted key is referred to as a top 
node address. In this example, the renewed key K(t)R 
of the root key is contained, and the top node address 
is KR. For example, the data Enc(K(t)0, K(t)R) in the top 
layer is located at position indicated in a hierarchical tree 
shown in Fig. 7(a). The subsequent data is Enc(K(t)00, 
K(t)0), and is located at the position left below the pre- 
vious data in the tree. The tag is set to 0 in case of pres- 
ence of data, and is set to 1 in case of absence of data. 
The tags are defined as {left (L) tag, right (R) tag}. The 
data Enc(K(t)0, K(t)R) in the top row is allocated L tag 
= 0 because data is located to the left, and is allocated 
R tag = 1 because data is not located to the right. All the 
remaining data are allocated tags, and a data string and 
tag string shown in Fig. 7(c) are configured. 
[0076] The tags are allocated in order to indicate at 
which position of the tree structure data Enc{Kxxx, Kyyy) 
is located. The key data Enc(Kxxx, Kyyy) ... stored in 
the data section is merely a data sequence of encrypted 
keys. The tags can be used to determine at which posi- 
tion of the tree the encrypted keys stored as data, are 
located. It is possible to configure, for example, the fol- 
lowing data structure using the node indexes corre- 
sponded with the encrypted data described above with 
reference to Fig. 4 without tags: 



0: Enc(K(t)0, K(t)root) 
00: Enc(K(t)00, K(t)0) 
000: Enc(K((t)000, K(T)00) 

5 However, such a data structure using indexes is redun- 
dant, i.e., has a large amount of data, and is not suitable 
for network-based distribution, etc. In contrast, as de- 
scribed above, tags are used as index data indicating 
the position of keys to determine the position of keys 

10 with a smaller amount of data. 

[0077] Referring back to Fig. 6, the EKB format will 
further be described. A signature 208 includes an elec- 
tronic signature handled by, for example, a manage- 
ment system havi ng a key management center function , 

is a content server, a license server, a shop server, or the 
like which issues an enabling key block (EKB). A device 
which received the EKB checks the signature to deter- 
mine whether or not the obtained EKB is the enabling 
key block (EKB) issued by the authorized enabling key 

20 block (EKB) issuer. 

[5. Category Classification of Tree] 

[0078] A mechanism in which a hierarchical tree stric- 
25 ture defining the node keys, etc., is classified into cate- 
gories of the devices to efficiently renew the keys, dis- 
tribute the encrypted keys, and distribute the data will 
be described hereinbelow. 

[0079] Fig. 8 shows an example of category classifi- 

30 cation in the hierarchical tree structure. In Fig. 8, a root 
key Kroot 301 is set at the top of the hierarchical tree 
structure, node keys 302 are set in the lower intermedi- 
ate layers, and leaf keys 303 are set at the bottom. Each 
device has an individual leaf key, a series of node keys 

35 from the leaf key to the root key, and the root key. 

[0080] As an example, predetermined nodes at the 
top down to the M-th layer are set as category nodes 
304. That is, each of the nodes in the M-th layer is set 
as a node to which a specific category of device is as- 

40 signed. One of the nodes in the M-th layer is set as the 
top, and the nodes in the (M + 1)-th and the following 
layers and the leaves are the nodes and leaves associ- 
ated with the devices belonging to this category. 
[0081] For example, a node 305 in the M-th layer 

45 shown in Fig. 8 is assigned a category [memory stick 
(trademark)], and the nodes and leaves which follow this 
node are set as category-specific nodes or leaves in- 
cluding various devices using a memory stick. Thus, the 
nodes below the node 305 are defined as a set of nodes 

so and leaves associated with the devices defined in the 
memory stick category. 

[0082] The nodes in the layers several layers below 
the M-th layer can be set as sub-category nodes 306. 
For example, as shown in Fig. 8, a node in the layer two 
55 layers below the layer of the category [memory stick] 
node 305 is assigned a sub-category node belonging to 
the category of the devices using a memory stick, called 
a [playback-only device] node. A music playback func- 
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tion-equipped phone node 307 belonging to the play- 
back-only device category can be configured below the 
playback-only device node 306 that is a sub-category 
node, below which a [PHS] node 308 and a [cellular 
phone] node 309 belonging to the category of music 
playback function-equipped phones can be configured. 
[0083] The categories and sub-categories can be set 
based on device types as well as arbitrary units, such 
as unique management nodes of a manufacturer, a con- 
tent provider, a settlement organization, etc., that is, 
processing units, management units, or provided serv- 
ice units (these are hereinafter collectively referred to 
as entities). For example, assuming that a category 
node is assigned the top node specific to a game device 
XYZ commercially available from a game device man- 
ufacturer, the node keys and leaf keys in the layers be- 
low the top node layer can be stored in the game device 
XYZ commercially available from the manufacturer, and 
the game device XYZ can be sold. Thereafter, an ena- 
bling key block (EKB) formed by the node keys and leaf 
keys under the top node key is generated and distribut- 
ed, thus allowing distribution of data such that distribu- 
tion of encrypted content or distribution or renewal of 
various keys can be used only on the devices under the 
top node. 

[0084] Accordingly, one node is set as the top, and 
the node below this node are set as nodes associated 
with categories or sub-categories assigned to this top 
node. This enables a manufacturer, a content provider, 
or the like whfch manages a top node in a category or 
sub-category layer to uniquely generate an enabling key 
block (EKB) having this node as the top and to distribute 
the generated EKB to the devices belonging to the top 
node. Therefore, renewal of keys can be carried out 
without any effect on devices which do not belong to the 
top node but which belong to another category node. 
[0085] In the system of the present invention, as 
shown in Fig. 9, keys are managed using a system hav- 
ing a tree structure, in the example shown in Fig. 9, 
nodes in 8 + 24 + 32 layers form a tree, and the nodes 
in the eight layers below and including the root node are 
associated with categories. As used herein, the term 
category means a category, such as a category such as 
the category of devices using a semiconductor memory, 
for example, a memory stick, or the category of digital 
broadcast receiving devices. One of the category nodes 
is associated with the present system (referred to as a 
T-system) serving as a license management system. 
[0086] The keys corresponding to the nodes in the 24 
layers below the layer of the T-system node are associ- 
ated with service providers or services provided by the 
service providers. In this example, therefore, 2 24 (about 
16-mega) service providers or services can be as- 
signed. At the bottom of the 32 layers, 2 s2 (about four- 
giga) users (or user devices) can be assigned. The key 
corresponding to the nodes on a path starting with a 
node in the 32nd layer at the bottom and ending with the 
T-system node constitute a DNK (Device Node Key), 



and an ID corresponding to the leaf at the bottom is re- 
ferred to as a leaf ID. 

[0087] For example, the content key with which the 
content is encrypted is encrypted using a renewed root 

5 key KR', and renewed node keys in a high layer are en- 
crypted using renewed node keys in the layer directly 
below that layer. These encrypted keys are arranged in 
an EKB. Renewed node keys in the layer one layer high- 
er than the end in the EKB are encrypted using node 

10 keys atthe end of the EKB orthe leaf keys, and are then 
arranged in the EKB. 

[0088] A user device uses any key of the DNK written 
in service data to decode the renewed node keys in the 
layer directly higher than the layer written in the EKB 

is delivered with the content data, and uses the key ob- 
tained as a result of decoding to decode renewed node 
keys in the layer further higher than the layer written in 
the EKB. The user device performs this operation in turn 
to obtain the renewed root key KR'. 

20 [0089] As described above, category classification of 
a tree allows for a mechanism in which one node is set 
as the top and the nodes which follows the top node are 
set as nodes associated with a category or sub-category 
assigned to the top node. This enables a manufacturer, 

25 a service provider, etc., which manages a top node in a 
category or sub-category layer to uniquely generate an 
enabling key block (EKB) having this node as the top 
and to distribute the generated EKB to the devices be- 
longing to the top node. 

30 [0090] The mechanism in which the content is distrib- 
uted and used by using the above-described EKB dis- 
tribution system by managing devices using a tree struc- 
ture to realize a multiple-category EKB distribution 
structure will now be described. 

35 [0091] Two categories will be described below with 
reference to Fig. 10. As shown in Fig. 10, a T-system 
node 351 is configured below a root node 350, and a T- 
service node 352 and a T-hardware node 353 are con- 
figured below the T-system node 351 . A tree whose top 

40 node is the T-hardware node 353 is a category tree in 
which a user device is set as a leaf 355 and a hardware 
EKB [EKB(H)] to be issued to the device is delivered. 
On the other hand, a tree whose top node is the T-serv- 
ice node 352 is a category tree in which a service EKB 

45 [EKB(S)] to be issued to a service provided for a user 
device is delivered. 

[0092] Each of the hardware EKB [EKB(H)] and the 
service EKB [EKB(S)] has a DNK (Device Node Key) 
assigned to an authorized device, i.e., the keys corre- 
50 sponding to the nodes on a path starting with the leaf 
and ending with the T-system node, which is used to 
decode each EKB. 

[6. Content Purchase and Preview Process] 

55 

[0093] The details of a process for a client to purchase 
or preview the content will be described with reference 
to Fig. 11 and the subsequent figures. 
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[0094] Fig. 11 shows an initial communication se- 
quence of steps in a content purchase process per- 
formed between a client having a client application and 
a browser, such as a PC, and a shop server, a content 
server, a license server, and a management system. 
The process shown in the sequence diagram will be de- 
scribed hereinbelow. 

[0095] First, a user on the client side who wants to 
purchase the content specifies a URL (step (1)) on its 
information processing apparatus having a communica- 
tion capability, such as a PC, so as to read a content list 
view (shop page) provided by the shop server via the 
browser (step (2)) and display the content list view on a 
display pane (step (3)). 

[0096] The client selects the content from the content 
list provided by the shop server and determines whether 
the selected content is purchased or previewed (step 
(4)). Then, the client sends request data to the shop 
server via the browser (step (5)). The request data con- 
tains a content ID (CI D), a shop server identifier (Shop 
ID), and data indicating whether the content is pur- 
chased or previewed. 

[0097] Upon receipt of the content purchase or pre- 
view request from the client, the shop server requests 
the management system to determine whether or not 
the content can be provided (step (6)). This request con- 
tains a content ID (CID) and a shop server identifier 
(Shop ID). 

[0098] Upon receipt of the request to determine 
whether or not the content can be provided, the man- 
agement system issues a transaction ID (TID) (step (7)). 
The details of the transaction ID 0"lD) issuing process 
will be described with reference to the flowchart shown 
in Fig. 12. 

[0099] First, in step S101, the management system 
generates random numbers, and generates a transac- 
tion ID (TID) based on the generated random numbers, 
in step S1 02, the generated transaction ID (TID) and the 
content ID (CID) specified by the shop server are asso- 
ciated with each other, and are stored as transaction da- 
ta in a storage unit. Then, the generated transaction ID 
(TID) is output and issued to the shop server. 
[0100] Referring back to the sequence diagram 
shown in Fig. 11, after generating the transaction ID 
(TID), the management system sends the generated 
transaction ID (TID) and price information, as TID infor- 
mation, to the shop server (step (8)). The price informa- 
tion is information requested only for purchasing the 
content, and is not contained in the content preview 
process. The shop server which has received the TID 
information performs a billing process (step (9)) based 
on the price contained in the TID information when a 
content purchase request was made by the client. 
[0101] When a content preview request, not a content 
purchase request, was made by the client, the billing 
process (step (9)) is omitted. 

[01 02] The subsequent process will be described with 
reference to the sequence diagram shown in Fig. 13. 



The shop server sends a download permission request 
for the content to be purchased or previewed to the man- 
agement system on the condition that, in the content 
purchase process, the billing process has been per- 

5 formed or on the condition that, in the content preview 
process, the TID information has been received from the 
management system (step (10)). 
[0103] Upon receipt of the download permission re- 
quest, the management system verifies the download 

10 permission request (step (11)). The details of the down- 
load permission request verification process will be de- 
scribed below with reference to the flowchart shown in 
Fig. 14. 

[0104] First, in step S201, the management system 
15 matches the transaction ID (TID) contained in the re- 
ceived download permission request with the transac- 
tion ID (TID) previously generated and stored in the stor- 
age unit. In step S202, the management system obtains 
the content ID (CID) recorded in association with the 
20 verified transaction ID (TID), and, in step S203, issues 
a download permission of the content corresponding to 
the CID. 

[0105] Referring back to the sequence diagram 
shown in Fig. 13, after checking the download permis- 

25 sion request (step (11 )), the management system issues 
a content download permission to the shop server (step 
(12)). The download permission contains a transaction 
ID (Tl D) , a content server U RL (C-U RL) , a license server 
URL (L-URL), a content ID (CID), a usage-right informa- 

30 tion ID (UID), an item (content) URL (S-URL), and a 
service ID. 

[0106] Upon receipt of the download permission from 
the management system, the shop server generates a 
start-up file for starting a content using (playback, etc.) 
35 program in the client application, and sends the gener- 
ated start-up file to the client application via the browser 
of the client. 

[0107] An example of the start-upfile will be described 
with reference to Fig. 15. A start-up file 360 contains the 

40 transaction ID (TID) generated by the management sys- 
tem, the content ID (CID) of the content to be purchased 
or previewed by the client, the usage-right information 
ID (U ID) contained in the download permission informa- 
tion generated by the management system, the service 

45 id contained in the download permission information 
generated by the management system, the URL of the 
license server, the URL of the item (content), and iden- 
tification data indicating a content purchase or preview 
process. 

so [0108] The identification data indicating a content pur- 
chase or preview process may be configured such that 
identifiers for the purchase process and the preview 
process differ from each other and the client application 
determines which identifier is set in the start-up file to 

55 start an appropriate one of the purchase and preview 
applications. 

[01 09] The client application starts the application de- 
pending upon the start-up file (step (15)). 
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[01 1 0] The application starting process performed by 
the client application will be described with reference to 
Fig. 16. First, in step S301 , it is determined whether or 
not the client system, or the information processing ap- 
paratus, has the service data corresponding to the serv- 
ice ID contained in the start-up file. 
[0111] The service data is received from the license 
server when the client wants to receive various services, 
for example, a content-using service, and is, for exam- 
ple, data which authorizes the overall service usage 
right of the services provided by a specific service pro- 
vider. An example data structure of the service data is 
shown in Fig. 17(a). 

[0112] As shown in Fig. 17(a), service data 370 con- 
tains a leaf ID unique to a client set in an EKB distribution 
tree, aservice ID serving as a service identifier, and data 
E(Kroot r DNK) formed by encrypting a device node key 
(DNK) using a root key (Kroot). In order to receive the 
service data, the client must be registered in the license 
server. The registration process is indicated in steps 
(15) and (16) shown in Fig. 13. 
[0113] If it is determined in step S301 shown in Fig. 
1 6 that the client does not have the service data corre- 
sponding to the service ID, a registration process is per- 
formed in step S302 to receive the service data. 
[01 14] In the registration process, default usage-right 
information is issued to the client from the license server. 
Standard usage-right information contains usage rules 
and conditions of the purchased content, and is issued 
when the content is purchased; whereas, the default us- 
age-right information is not issued on the condition that 
the content is purchased, but is issued on the condition 
that the client is registered or the service data is issued. 
The default usage-right information is used as content 
usage-right information for effective use in the content 
preview process, as described below. 
[0115] An example data structure of the usage-right 
information is shown in Fig. 17(b). As shown in Fig. 17 
(b), usage-right information 371 contains a usage-right 
information ID serving as a usage-right information iden- 
tifier, a timestamp serving as information indicating the 
time and date of issuance, a leaf ID unique to the client, 
a content ID, if the information is issued for content pur- 
chase, and usage-rule-defined content type informa- 
tion. 

[0116] Since the default usage-right information is not 
issued for specific purchased content, the content ID is 
omitted, or is replaced by an ID commonly used for the 
content which can be previewed. The usage-rule-de- 
fined content type information is configured such that, 
for example, th e content whose preview flag is set to ON 
can be used. As shown in Fig. 17(c), content 372 in- 
cludes a preview flag 373. The content whose preview 
flag 373 is set to ON indicates the content which can be 
previewed, and the content whose preview flag is set to 
OFF indicates the content which cannot be previewed. 
[0117] For playback of preview-content, the client ap- 
plication refers to the default usage-right information to 



determine whether or not the content can be played 
back, and verifies the flag of the content to play back the 
content. This process is described below. 
[0118] Referring back to the flowchart shown in Fig. 

5 1 6, the procedure for starting an application will be de- 
scribed. After the registration process in step S302, that 
is, after the service data and the default usage-right in- 
formation has been obtained from the license server, it 
is determined in step S303 whether the start-up file re- 

10 ceived from the shop server is a start-up file for a pur- 
chase application or a start-up file for a preview appli- 
cation. If it is a start-up file for a purchase application, 
the purchase application is executed in step S304. If it 
is a start-up file for a preview application, the preview 

is application is executed in step S305. 

[0119] A sequence of steps for executing the pur- 
chase application will be described with reference to the 
sequence diagram shown in Fig. 18. 
[0120] In the purchase process, the client application 

20 sends a content download request to the content server 
(step (21)). A purchase request of this content has been 
sent from the client, and the content corresponds to the 
content ID (CID) recorded in the usage-right information 
(see Fig. 17(b)). The client application specifies content 

25 based on the content ID (CID) to send a download re- 
quest of the content to the content server. 
[0121] Upon receipt of the content download request, 
the content server sends content information corre- 
sponding to the CID to the client (step (22)). The content 

30 information contains the encrypted content, and is 
formed of a file in which the content data Enc(Kc, Con- 
tent) encrypted using a content key Kc, the data Enc 
(Kroot, Kc) formed by encrypting the content key Kc us- 
ing a root key Kroot, the EKB for obtaining the root key 

35 Kroot, and information, such as the preview flag data 
and the service ID, shown in Fig. 17(c), are added. 
[0122] The client which has received the content in- 
formation sends a request for obtaining usage-right in- 
formation (Usage Right) corresponding to the received 

40 content to the license server (step (23)). The request 
contains the usage-right information ID (UID) contained 
in the start-up file (see Fig. 1 5) previously received from 
the shop server, the leaf ID serving as client identifica- 
tion data, and the transaction ID (TID) contained in the 

45 start-up file (see Fig. 15) previously received from the 
shop server. 

[0123] Upon receipt of the usage-right information 
(Usage Right) obtaining request, the license server 
sends an order inquiry to the management system (step 

50 (24)). This request contains the usage-right information 
ID (UID) and the transaction ID (TID). Upon receipt of 
the order inquiry, the management server sends re- 
sponse information defining the usage rules corre- 
sponding to the usage-right information ID (UID) to the 

55 license server in response to the order inquiry (step 
(25)). 

[0124] Upon receipt of the response information, the 
license server generates usage-right information (Us- 
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age Right) having content usage rules, and issues the 
generated usage-right information to the client (step 
(26)). The content usage rules are formed of the time 
the content can be played back, the expiry, and permis- 
sion information of various operations, such as content 
copying and checkout to an external device. 
[0125] The client which has received the usage-right 
information (Usage Right) is able to use the content pre- 
viously received from the content server based on the 
usage rules recorded in the usage-right information (Us- 
age Right). When a content playback request is sent 
from the user while specifying a content ID (CID) and a 
usage-right information (Usage Right) ID (step (27)), the 
client application performs a content playback process 
according to the usage rules (step (28)). 
[0126] A basic content playback procedure will be de- 
scribed with reference to Fig. 1 9. As is anticipated from 
the foregoing description, content is provided for a client 
383 by a content server 382, and service data and us- 
age-right information (Usage Right) are licensed from a 
license server 381 to the client 383. 
[0127] The content has been encrypted using a con- 
tent key Kc, i.e., Enc(Kc, Content), and the content key 
Kc is a key obtained from a root key Kroot which can be 
obtained from an EKB. 

[0128] The client 383 obtains a device node key 
(DNK) from the service data received from the license 
server, and decodes an EKB in a content file based on 
the obtained DNK to obtain the root key Kroot. The client 
383 further uses the obtained root key Kroot to decode 
Enc(Kroot, Kc) to obtain the content key Kc, and de- 
codes the encrypted content Enc(Kc, Content) using the 
obtained content key Kc to obtain the content for play- 
back. 

[0129] The details of a content playback process in 
association with service data and usage-right informa- 
tion (Usage Right) will be described with reference to 
Fig. 20. 

[0130] Fig. 20 is a sequence diagram showing a con- 
tent-using process based on a content decoding proc- 
ess using a hardware EKB [EKB(H)] and a service EKB 
[EKB(S)]. 

[0131] Service data 401 and usage-right information 
403 shown in Fig. 20 are data received from a license 
server, and an encrypted content file 402 is data re- 
ceived from a content server. The service data 401 con- 
tains a leaf ID serving as a leaf identifier, the version of 
the used EKB, and data E(Kroot', SDNK) formed by en- 
crypting a service-specific device node key (SDNK) nec- 
essary to decode a service EKB [EKB(S)] using a root 
key Kroot' assigned in a hardware category tree. 
[0132] The encrypted content file 402 is a file contain- 
ing a service EKB [EKB(S)] having a root key Kroot as- 
signed in a service category tree, data E(Kroot s CID+Kc) 
.formed by encrypting a content ID (CID) and a content 
key (Kc) used for the content encrypting and decoding 
processes using the root key Kroot, and data E(Kc, Con- 
tet) formed by encrypting the content (Content) using 



the content key Kc. 

[0133] The usage-right information 403 is data con- 
taining a leaf ID and usage-rule information of the con- 
tent. The usage-rule information of the content includes 
5 various usage rules, such as a use period which is de- 
fined depending upon the content, the time the content 
can be used, and copy control. A user device which has 
received the usage-right information 403 stores the us- 
age-right information as security information of the con- 
to tent, or stores the usage-right information in an AV index 
file serving as content index data. 
[0134] A user device having a large-capacity storage 
unit and a high-performance processor, such as a PC, 
can store usage-right information as security informa- 
15 tion of the content. Preferably, such a user device stores 
all usage-right information, and refers to the usage-right 
information stored therein to use the content. On the oth- 
er hand, a user device which does not have a large-ca- 
pacity storage unit and which has a low-performance 
20 processor, such as a portable device (PD), can store the 
usage-right information 403 formed of selected informa- 
tion in an AV index file serving as content index data, 
and can refer to the usage-rule information in the AV 
index file to use the content. 
25 [0135] In step S501 shown in Fig. 20, the user device 
uses a hardware device node key (HDNK) 412 to de- 
code a hardware EKB(H) 41 1 to obtain a root key Kroot' 
assigned in a hardware category tree from the EKB(H) 
411. The DNK-based EKB process corresponds to a 
30 process in accordance with the technique described 
above with reference to Fig. 5. 

[01 36] In step S502, the root key Kroot 1 obtained from 
the EKB(H) is used to decode the encrypted data E 
(Kroof, SDNK) of the service data 401 to obtain a device 
35 node key (SDNK) used for processing (decoding) the 
service EKB [EKB(S)]. 

[0137] In step S503, the device node key (SDNK) ob- 
tained from the service data is used to process (decode) 
the service EKB [EKB(S)] stored in the encrypted con- 
40 tent file 402 to obtain a root key Kroot assigned in the 
service category tree stored in the service EKB [EKB 
(S)J. 

[0138] In step S504, the root key Kroot obtained from 
the service EKB [EKB(S)] is used to decode the encrypt- 
45 ed data E(Kroot, CID+Kc) stored in the encrypted con- 
tent file 402 to obtain a content ID (CID) and a content 
key (Kc). 

[0139] In step S505, the content ID (CID) obtained 
from the encrypted content file 402 is matched with the 

so content ID stored in the usage-right information. When 
it is determined as a result of matching that the content 
can be used, in step S506, thecontent key (Kc) obtained 
from the encrypted content file 402 is used to decode 
the encrypted content E(Kc, Content) stored in the en- 

55 crypted content file 402 to play back the content. 

[0140] As described above, the hardware EKB [EKB 
(H)] serving as an EKB corresponding to a category tree 
established for hardware devices, which are content-us- 
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ing devices, and the service EKB [EKB(S)] serving as 
an EKB corresponding to a category tree established for 
content-using services, can be individually provided for 
a user, thus allowing only the user having the authorized 
DNK for each EKB to use the services. 
[0141] A DNK for decoding a service EKB [EKB(S)], 
i.e., an SDNK, can be provided as the service data 401 
corresponding to the content, and the SDNK is encrypt- 
ed using a root key Kroot' assigned in a hardware cat- 
egory tree which can be obtained only by a device hav- 
ing an authorized hardware DNK, i.e., an HDNK. This 
allows only a user device having the authorized HDNK 
to obtain the SDNK and to use the services. 
[0142] In using the content, the content identifier 
(CID) obtained from the encrypted content file 402 is 
matched with the CID obtained from the usage-right in- 
formation. It is therefore essential to the content play- 
back process to obtain the usage-right information 403 
having the CID information. This can realize content use 
in accordance with the usage rules. 
[0143] The process in a case where the client appli- 
cation executes a preview appiication will be described 
with reference to the sequence diagram shown in Fig. 
21. 

[0144] In the preview process, like the content pur- 
chase process, it is possible to obtain the content infor- 
mation file (see Fig. 1 9) and store it in a storage unit of 
the client system before the content is played back in a 
similar manner to purchased content; however, an ex- 
ample where a streaming playback is performed without 
storage in the storage unit will be described with refer- 
ence to Fig. 21. 

[0145] In the streaming preview process, the client 
application sends a content download request to the 
content server (step (31 )). A preview request of this con- 
tent has been sent from the client. The client application 
specifies content based on the content ID (CID) to send 
a download request of the content to the content server. 
[0146] In streaming playback, the content server se- 
quentially sends partial data of the content (content part) 
to the client (step (32)). The client which has received 
the cotent part plays back the received content part 
(step (33)), and sends a request of the remaining con- 
tent parts to the content server. This process is consec- 
utively performed to achieve streaming playback. 
[0147] A preview playback procedure will be de- 
scribed with reference to the flowchart shown in Fig. 22. 
In step S701 , the client application obtains a service ID 
from a preview content file received from the content 
server. 

[0148] In step S702, it is determined whether or not 
default usage-right information (Default Usage Right) 
(see Fig. 17(b)) corresponding to the extracted service 
ID is present. The default usage-right information is us- 
age-right information which is sent together with the 
service data (see Fig. 17(a)) from the license server 
when the client is registered and which is used for the 
content which can be previewed, unlike the usage-right 



information issued for purchased content. 
[01 49] The content can be previewed on the condition 
that the default usage-right information (Default Usage 
Right) is possessed. If the default usage-right informa- 

5 tion is not possessed, an error occurs in step S705, and 
the process ends without playing back the content. 
[0150] If the default usage-right information (Default 
Usage Right) has been stored, in step S703, the default 
usage-right information is verified to check the recorded 

10 usage right. The default usage-right information con- 
tains, for example, preview permission information of 
the content whose preview flag is on, and content ID 
information of the content which can be previewed, and 
such information is retrieved. 

is [01 51 ] In step S704, the content is played back based 
on the usage rules of the default usage-right information 
(Default Usage Right). As described above with refer- 
ence to Figs. 1 9 and 20, the playback process involves 
a process for decoding the encrypted content received 

20 from the content server. 

[0152] Like the process for playing back the pur- 
chased content described with reference to Fig. 20, also 
in previewing the content without purchasing the con- 
tent, the EKB-based key obtaining process is required 

25 for obtaining the keys for decoding the content. This al- 
lows, for example, only the user having the authorized 
DNKs for the hardware EKB [EKB(H)] serving as an 
EKB corresponding to a category tree established for 
hardware devices, which are content-using devices, 

30 and the service EKB [EKB(S)] serving as an EKB cor- 
responding to a category tree established for content- 
using services to play back the content, and to also pre- 
view the content with limited playback control. 
[0153] As described above, the client obtains the de- 

35 fault usage-right information (Default Usage Right) 
when it is registered to the license server, andean piay 
back the content based on the default usage-right infor- 
mation in the content preview process without purchas- 
ing the content, thus allowing the user to preview and 

40 play back the content without purchasing the content. 
The client which is permitted to preview the content is 
limited to a client which has been registered to the li- 
cense server to obtain the default usage-right informa- 
tion. This prevents preview-data from being randomly 

45 distributed. 

[0154] Streaming playback is shown in the sequence 
diagram shown in Fig. 21 , by way of example. However 
preview-data may be stored in a storage medium of the 
client and may be played back by determining whether 

so or not default usage-right information (Default Usage 
Right) is present and based on the data recorded in the 
default usage-right information. 

[7. Backup/Restoration Process] 

55 

[0155] A backup and restoration processes of the 
content purchased by the client or content usage-right 
information will now be described. 
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[0156] The restoration process is performed in order 
to re-obtain the license information corresponding to the 
content, that is, the service data, to re-obtain and store 
the usage-right information, or to re-obtain the content 
when or after the client purchases the content. 5 
[0157] In one form of the restoration process, any or 
all of the service data, the usage-right information, and 
the content can be re-obtained. In the following exam- 
ple, a sequence of process steps for re-obtaining and 
storing all of the service data, the usage-right informa- io 
tion, and the content is described, by way of example; 
however, all data is not necessarily re-obtained, and any 
of the data may be selectively re-obtained. 
[0158] The details of the backup/restoration process 
will be described with reference to Fig. 23 and the sub- « 
sequent figures. Fig. 23 shows an initial communication 
sequence of steps in the backup/restoration process 
performed between a client having a client application 
and a browser, such as a PC, and a shop server, a con- 
tent server, a license server, and a management sys- 
tem. The process shown in the sequence diagram is de- 
scribed hereinbelow. 

[01 59] it is assumed that the client purchased content 
in an authorized manner according to the above-de- 
scribed content purchase process. The sequence 
shown in Fig. 23 is a sequence of steps subsequent to 
the content purchase process. 

[01 60] The client which purchased the content gener- 
ates a data file for obtaining backup/restoration data, 
that is, a restoration request file [restore.dat] (step (50)). 
The structure of the restoration request file [restore.dat] 
is shown in Fig. 24. 

[0161] As shown in Fig. 24, the restoration request file 
[restore.dat] is formed of a leaf ID serving as client iden- 
tification data in an EKB distribution tree, and a hash 
value, for example, verification data having a MAC 
(Message Authentication Code). The client application 
uses a secret key shared with the management system 
to calculate the hash value or the MAC, which is verifi- 
cation data based on the leaf ID, to generate the resto- 
ration request file [restore.dat] formed of the leaf ID and 
the verification data. 

[0162] The message authentication code (MAC) is 
generated as data for determining whether or not the 
data is tampered with. An example of a process for gen- 
erating a MAC value by means of DES encryption is 
shown in Fig. 25. As shown in Fig. 25, a message to be 
processed is divided into parts each consisting of eight 
bytes (the divided parts of the message are hereinafter 
denoted by M1 , M2 MN). First, the exclusive-OR be- 
tween an initial value (hereinafter referred to as IV) and 
M1 is calculated (wherein the result is indicated by 11). 
Then, 11 is input to a DES encoder to encrypt it using a 
key (hereinafter denoted by K1) (wherein the resultant 
output is indicated by E1). Then, the exclusive-OR be- 
tween E1 and M2 is calculated, and the resultant output 
12 is input to the DES encoder to encrypt it using the key 
K1 (the resultant output is indicated by E2). The above- 



described operation is repeated until all parts of the 
message are encrypted. The final output EN is em- 
ployed as a message authentication code (MAC). 
[0163] The MAC value has a different value if source 
data for generating the MAC changes. A MAC generat- 
ed based on the data (message) to be verified is 
matched with the recorded MAC. If both MACs match, 
it is proved that the data (message) to be verified is not 
modified or tampered with. 

[0164] Referring back to the sequence diagram 
shown in Fig. 23, the client accesses a restoration page 
provided by the management system via the browser 
(step (51)), and the management system provides the 
restoration page for the browser of the client (step (52)). 
The restoration page provided by the management sys- 
tem is a page having an uploading function of the res- 
toration request file [restore.dat]. 
[0165] On the restoration page provided by the man- 
agement system, the client uploads the restoration re^ 
quest file [restore.dat] generated by the client applica- 
tion. As described above with reference to Fig. 24, the 
restoration request file [restore.dat] is formed of a leaf 
ID serving as a client identification data in an EKB dis- 
tribution tree, and a hash value having, for example, a 
MAC (Message Authentication Code). 
[01 66] Upon receipt of the restoration request file [re- 
store.dat], the management system uses a secret key 
shared with the client to determine a hash value for the 
leaf ID, and matches the determined hash value with the 
received hash value to verify the received data (step 
(54)). On the condition that the determined hash value 
matches the received hash value, a start-up file for back- 
up/restoration is sent to the client (step (55)). The start- 
up file has the file structure similar to that described 
above with reference to Fig. 15. 
[01 67] The start-up file is passed from the browser to 
the client application (step (56)) to start a backup/resto- 
ration execution program, which is determined and se- 
lected depending upon a script or an extension of the 
start-up file to perform a restoration process (step (57)). 
[01 68] The objects to be backed up/restored are serv- 
ice data, content, and content usage-right information. 
As described above, the service data can be obtained 
by registering the client to the license server, and the 
content can be obtained from the content server. The 
usage-right information is obtained from the license 
server. In the backup/restoration process, such data are 
also obtained from the respective servers. 
[0169] A process for obtaining service data for back- 
up/restoration is first described with reference to Fig. 26. 
This process is basically performed in accordance with 
a procedure similar to that in the above-described client 
registration process for content purchase. 
[0170] First, the client application sends a registration 
request to the license server (step (61)). The registration 
request includes the transaction ID (TID) contained in 
the start-up file generated by the management system. 
[0171 J The license server which has received the reg- 



30 



35 



40 



45 



50 



15 



29 

istration request identifies the process for obtaining 
service data for backup/restoration based on the trans- 
action ID (TID), and sends an allocation request of pre- 
service data, that is , backup/restoration data of the serv- 
ice data, to the management system (step (62)). The 
management system determines, based on manage- 
ment data, whether or not there is any client terminal 
which executed processing based on the same transac- 
tion ID. If such a client terminal exists, the management 
data in association with the client terminals is stored 
(step (63)). This can prevent processing when a limited 
time (for example, three times) the backup/restoration 
process is carried out and if a request is made in excess 
of the upper limit. 

[0172] The management system which has updated 
the management data sends a response to the pre-serv- 
ice data allocation request to the license server (step 
(64)). This response is sent as permission information 
to issue backup/restoration service data. 
[0173] The license server which has received the pre- 
service data allocation response issues backup/resto- 
ration service data to the client (step (65)). As described 
above with reference to Fig. 1 7(a), the service data 370 
includes a client-unique leaf ID assigned in the EKB dis- 
tribution tree, a service ID serving as a service identifier, 
and data E(Kroot, DNK) formed by encrypting a device 
node key (DNK) using a root key (Kroot). 
[0174] During this operation, the default usage-right 
information (see Fig. 17(b)) is also issued to the client 
from the license server. As described above, standard 
usage-right information contains usage rules and con- 
ditions of the purchased content, and is issued when the 
content is purchased; whereas, the default usage-right 
information is not issued on the condition that the con- 
tent is purchased, but is issued on the condition that the 
client is registered or the service data is issued. As de- 
scribed above, the default usage-right information is 
used as usage-right information for effective use in the 
content preview process. 

[0175] The client which has received the service data 
and default usage-right information from the license 
server stores such data in a storage unit for backup (step 
(66)). 

[01 76] The content backup/restoration process will be 
described with reference to Fig. 27. In the content back- 
up/restoration process, the client application sends a 
content download request to the content server (step 
(71 )). The content is the same as the content previously 
purchased by the client. The client application specifies 
content based on the content ID (CID) to send a down- 
load request of the content to the content server. 
[0177] Upon receipt of the content download request, 
the content server sends content information corre- 
sponding to the CID to the client (step (72)) . The content 
information is information containing the encrypted con- 
tent. As described above with reference to Fig. 17(c), 
the content information is a file in which the content data 
Enc(Kc, Content) encrypted using a content key Kc, the 



30 

data Enc(Kroot, Kc) formed by encrypting the content 
key Kc using a root key Kroot, the EKB for obtaining the 
root key Kroot, and information, such as the preview flag 
data and the service ID, are added. 

s [0178] The client which has received the content in- 
formation sends a request for obtaining usage-right in- 
formation (Usage Right) corresponding to the received 
content to the license server (step (73)). The request 
contains the usage-right information ID (UID) contained 

10 in the start-up file (see Fig. 15), the leaf ID serving as 
client identification data, and the transaction ID (TID). 
[0179] Upon receipt of the usage-right information 
(Usage Right) obtaining request, the license server 
sends an order inqu iry to the management system (step 

15 (74)). This request contains the usage-right information 
ID (UID) and the transaction ID (TID). Upon receipt of 
the order inquiry, the management server sends re- 
sponse information having the usage rules correspond- 
ing to the usage-right information ID (UID) to the license 

20 server in response to the order inquiry (step (75)). 
[0180] Upon receipt of the response information, the 
license server generates usage-right information (Us- 
age Right) having content usage rules, and re-issues 
the generated usage-right information to the client (step 

25 (76)). The content usage rules are formed of the time 
the content can be played back, the expiry, and permis- 
sion information of various operations, such as content 
copying and checkout to an external device. 
[0181] The client which has received the usage-right 

30 information (Usage Right) stores the previously re- 
ceived content and usage-right information in a storage 
unit as backup data. 

[0182] The usage-right information issued by the li- 
cense server in the backup/restoration process may 

35 contain different usage rules from those of the usage- 
right information issued when authorized content is pur- 
chased. Such usage rules may include, for example, 
more limited conditions than the usage rules contained 
in the usage-right information issued when authorized 

40 content is purchased, such as a limited use period, 
copy-prohibited, or checkout-prohibited, and the usage- 
right information for backup/restoration containing such 
usage rules may be issued. 

45 [8. Secondary Distribution of Content Based on 
Recommendation File] 

[0183] A mechanism in which the client which pur- 
chased content in an authorized manner provides the 
so purchased content for another client, i.e., so-called sec- 
ondary distribution of the content is performed, and a 
content usage right is newly delivered from the license 
server so that the client which has received the second- 
arily distributed content can also use the content on the 
55 condition that the client has the authorized content us- 
age right, while reducing the load on the content server 
which distributes the content, will now be described. 
[0184] As described above, the client which plays 
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back the content for use must receive encrypted content 
from the content server and must also receive license 
information, that is, service data and usage-right infor- 
mation corresponding to the content, from the license 
server in order to use the content. 
[0185] Since the license information, i.e., the service 
data and the usage-right information, has a small 
amount of data, a large amount of traffic is not generated 
even if such information is exchanged frequently over a 
communication network such as the Internet, and does 
not cause a problem in that it takes a long time to transfer 
the information. However, the content including various 
kinds of data, such as music data, image data, and pro- 
grams, has a large amount of data. When such a large 
content is transmitted from a specific content server to 
multiple clients, various problems occur in that the trans- 
mission time is long, the load on the content server in- 
creases, a large amount of network traffic is generated, 
etc. There can occur another problem that a communi- 
cation error causes a content distribution error during 
communication. 

[0186] A system in which a client which purchased the 
authorized content provides the content for another cli- 
ent, i.e., secondarily distributes the content, and the cli- 
ent which has received the secondarily distributed con- 
tent receives license information of the content from the 
license server, thus reducing the load on the content 
server which sends the content to the client is described 
hereinbelow. 

[0187] Fig. 28 is a flowchart showing a procedure for 
generating a content file provided by a client which re- 
ceived content in an authorized manner for another cli- 
ent. A data file including the content provided for another 
client is referred to as a recommendation file.. The rec- 
ommendation file contains a content file including the 
encrypted content, and, if necessary, a description file 
(for example, an HTML file) of the content. 
[0188] The process shown in the flowchart of Fig. 28 
is described hereinbelow. A client which performs the 
process shown in Fig. 28 is a client which performed the 
above-described co ntent purchase process to purchase 
the content in an authorized manner or a client which 
received the recommendation file from another client to 
obtain the authorized license in the subsequent proce- 
dure. The process shown in Fig. 28 is carried out by ex- 
ecuting one execution program of the client application 
(the client application 12 shown in Fig. 1) under control 
of acontro!ler(aCPU, etc.) of an information processing 
apparatus serving as a client system. In step S801 , the 
client displays a recommendation-file creation view on 
a display of its client device. 

[0189] An example recommendation -file creation 
view is shown in Fig. 29. A content list 651 of pieces of 
content which were purchased in an authorized manner 
by the client and which can be played back is displayed 
in the center window. When a recommendation file is 
generated, a piece of content is selected from the con- 
tent list 651 (step SB02), and the title, etc., of the select- 



ed piece of content is shown in a list 654 displayed in 
the right window. Movement of the piece of content be- 
tween the content list 651 and the list 654 is executed 
by operating drag switches 652 and 653. 

5 [0190] When the piece of content whose recommen- 
dation file is to be generated is selected, in step S803, 
a recommendation-file creation button 655 is clicked. 
When the recommendation-file creation button 655 is 
clicked, it is determined in step S804 whether or not a 

w description file, for example, an HTML description file, 
is generated and stored in the recommendation file to- 
gether with the conten file. This is selectable by the user. 
[0191] There are two types of recommendation files; 
a recommendation file 720 shown in Fig. 30(a) has a 

15 combination of a content file 721 including the encrypted 
content and a content description file 722, and a recom- 
mendation file 730 shown in Fig. 30(b) has a content file 
721 including the encrypted content alone. The client is 
free to select either type. 

20 [0192] If it is determined in step S804 that a content 
description file is not created, the recommendation file 
730 having the content file 721 alone, shown in Fig. 30 
(b), is generated. 

[0193] The structure of the content file is shown in Fig. 

25 31. The content file(MQT file) 721 includes the encrypt- . 
ed content, meta-information serving as additional con- 
tent information, a shop-server URL indicating the shop 
from which the content can be purchased, and a content 
ID (CID) serving as a content identifier. 

30 [0194] The encrypted content contained in the con- 
tent file is the content encrypted using a content key Kc, 
and the content key Kc is a key which can be obtained 
only by using a key which can be obtained by decoding 
an enabling key block (EKB) provided using an enabling 

35 key block (EKB) distribution tree structure. 

[0195] If it is determined in step S804 that a content 
description file is created, in step S806, description data 
(meta-data) for generating the content description file 
(HTML file) is retrieved from a content management ta- 

40 ble. Although, as described above, the content descrip- 
tion data corresponding to the content is also contained 
in the content file together with the encrypted content, 
the client which obtained the content usage right in an 
authorized manner has stored and managed the content 

45 meta-data retrieved from the content f il as content man- 
agement data in a separate file. The meta-data for the 
description file generated in the recommendation file is 
extracted from the content management data. 
[01 96] In step S807, the meta-data extracted from the 

50 content management data is added to a template HTML 
file set in the client application to generate an HTML file 
for content description. In step S808, a recommendation 
file having a combination of the content file and the 
HWML file for description is generated. 

55 [0197] An example view of the HTML file serving as 
a content description data is shown in Fig. 32. In the 
example shown in Fig. 32, the content is music data. As 
shown in Fig. 32, the description file includes a music 
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content list of song titles, artists, and agents, and de- 
scription of various operations and processes. The cli- 
ent which has received the recommendation file from 
another client first opens the description file. 
[01 98] The content contained in the recommendation 
file is encrypted content, and cannot be played back un- 
less the authorized license information, i.e., the service 
data and the usage-right information corresponding to 
the content, is obtained. Therefore, the client which has 
received the recommendation file must execute a li- 
cense information obtaining procedure in order to use 
the content stored in the recommendation file. 
[0199] The license information obtaining process will 
be described with reference to the process flowcharts 
shown in Figs. 33 and 34. The client which has received 
the recommendation file opens the description file 
(HTML file) shown in Fig. 32, and clicks a preview/pur- 
chase content delivery site button 731 (step S811). This 
clicking operation allows the client application to start 
(step S812) so as to retrieve the content file (MQTfile) 
(see Fig. 31) stored in the same recommendation file to 
extract the content ID (CID) and the shop URL from the 
content file (step S813). 

[0200] The preview/purchase content delivery site 
button 731 of the content description file is therefore 
formed as link data for starting a client application pro- 
gram for extracting the shop-server URL from the con- 
tent file and outputtingthe extracted URL to the browser. 
This enables the client which has received the recom- 
mendation file to easily access the shop to perform the 
purchase process. 

[0201] In step S814, a content file name is configured 
based on the content ID (CID) extracted from the con- 
tent file. This file name configuration process is set in 
advance in the client application, in which, for example, 
the title of the content, the name of artist, combination 
data thereof, or the like is employed. In step S815, the 
conten file having the file name configured in step S81 45 
is stored in the storage unit of the client. 
[0202] In step S81 6, the shop URL extracted from the 
content file in step S813 is transferred to the browser, 
and the browser reads the shop page corresponding to 
the received URL from the shop server. 
[0203] In step S831 in the process shown in the flow- 
chart of Fig. 34, a shop view is shown in the client dis- 
play. The subsequent operations are basically similar to 
any of the above-described content purchase and pre- 
view processes, and are performed according to the 
procedure described above with reference to Figs. 11, 
13, 1 8, and 21 . However the content itself has been al- 
ready retrieved by the conclient from the recommenda- 
tion file, and the process for receiving the content from 
the content server is thus omitted. 
[0204] The overview of a series of operations is 
shown in step S832 and the following steps of the proc- 
ess flowchart shown in Fig. 34. First, when the client 
specifies purchase in the shop view provided by the 
shop server and outputs a purchase request to the shop 



server, a purchase start-up file is sent from the shop 
server. The purchase start-up file has a structure similar 
to that of the start-up file described above with reference 
to Fig. 15. 

5 [0205] In step S833, the content ID (CID) serving as 
a content identifier is retrieved from the start-up file. In 
step S834, a content file name is determined based on 
the content ID (CID). As described above with reference 
to the flowchart shown in Fig. 33, it is defined in the client 

to application that the content file name necessary for stor- 
ing the content in the client device is configured based 
on the content ID (CID), and the CID and the file name 
are associated with each other. 

[0206] In step S835, it is determined whether or not 
15 the file having the same file name as the file name de- 
termined from the content ID (CID) has been stored in 
the storage unit of the client device. If the content has 
not been stored, in step S837, the client device access- 
es the content server to download the content. This op- 
eration is similar to that in the above-described content 
purchase process. 

[0207] Meanwhile, the client which received the rec- 
ommendation file has stored in the storage unit the con- 
tent file having the predetermined file name configured 
in steps S814 and S815 in the flowchart shown in Fig. 
33, and the content usage-right information process is 
performed in step S836, without the content download- 
ing process. Then, the process ends. 
[0208] When the client plays back the content, as de- 
scribed above, the content identifier (CID) stored in the 
content usage-right information is matched with the con- 
tent identifier (CID) of the content to be played back : and 
the content is played back on the condition that the CI Ds 
match. The content can be played back and used by 
decoding an enabling key block (EKB) provided using 
an enabling key block (EKB) distribution tree structure 
to obtain a content key Kc, and by using the obtained 
content key Kc to decode the encrypted content. 
[0209] Accordingly, the client having the content pro- 
vides the recommendation file formed of the content file 
including the encrypted content and the description file 
for another client, thus allowing the other client to re- 
ceive the content without access to the content delivery 
server. The other client is able to use the content on the 
condition that the usage-right information has been ob- 
tained. This prevents unauthorized use of the content. 
[0210] Although the service data obtaining process is 
omitted in the flowchart shown in Fig. 34, when a client 
having no service data receives a recommendation file, 
the client must access the license server to perform a 
registration process to obtain the service data. The reg- 
istration process corresponds to the process described 
above with reference to Figs. 13 and 16. 
[0211] The present invention has been described in 
detail with reference to a specific embodiment. Howev- 
er, it is obvious that modifications or replacements may 
be made to this embodiment by those skilled in the art 
without departing from the spirit and scope of the 
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present invention. The present invention has been dis- 
closed in an exemplary form, and this form should be 
construed as the restricted one. Reference should be 
made to the CLAIM for delineation of the scope of the 
present invention. 

[021 2] The series of operations described herein can 
be executed by hardware or software, or a combination 
thereof. In a case where the operations are executed by 
software, a program containing a sequence of the oper- 
ations may be installed in an internal memory of a com- 
puter incorporated in dedicated hardware to execute the 
program, or the program may be installed in a general- 
purpose computer capable of performing various oper- 
ations to execute the program. 

[0213] For example, the program can be recorded in 
advance in a storage medium such as a hard disk or a 
ROM (Read Only Memory). Alternatively, the program 
can be temporarily or persistently stored (recorded) in 
a removable recording medium, such as a flexible disk, 
a CD-ROM (Compact Disc Read Only Memory), an MO 
(Magneto optical) disk, a DVD (Digital Versatile Disc), a 
magnetic disk, or a semiconductor memory. Such a re- 
movable recording medium can be offered as so-called 
packaged software. 

[0214] The program may be installed in a computer 
from the above-noted removable recording media, or 
may also be wirelessly transferred to a computer from 
a download site or transferred to a computer via a line 
over a network such as a LAN (Local Area Network) or 
the Internet. The computer can receive the thus trans- 
ferred program, and can install the program in an inter- 
nal storage medium such as a hard disk. 
[0215] The various operations described herein may 
be performed in a time-series manner according to the 
description, or may also be performed in parallel or in- 
dependently depending upon the performance of the 
device that performs the operations or depending upon 
necessity. 

Industrial Applicability 

[021 6] According to the structure of the present inven- 
tion, therefore, a client obtains default usage-right infor- 
mation (Default Usage Right) when it is registered to a 
license server, and is permitted to play back the content 
based on the default usage-right information in a content 
preview process without purchasing the content. There- 
fore, the user is able to preview and play back the con- 
tent without purchasing the content. The client which is 
permitted to preview the content is limited to a client 
which has been registered to the license server to obtain 
the default usage-right information. This prevents pre- 
view-data from being randomly distributed. 
[021 7] According to the structure of the present inven- 
tion, furthermore, also in the content preview process 
without purchasing the content, only the user having au- 
thorized DNKs for a hardware EKB [EKB(H)] serving as 
an EKB corresponding to a category tree established for 



hardware devices, which are content-using devices, 
and a service EKB [EKB(S)] serving as an EKB corre- 
sponding to a category tree established for content-us- 
ing services can play back the content and preview the 
5 content with limited playback control. 



Claims 

w 1 . An information processing apparatus for controlling 
decoding and using of encrypted content, said in- 
formation processing apparatus comprising: 

control means for controlling content use based 
is on usage-right information (usage right) corre- 

sponding to the content according to an instruc- 
tion to use the content; and 
recording means for recording default usage- 
right information, the default usage-right infor- 
20 mation being recorded in manufacturing or be- 

ing obtained at a service registration time, 

wherein said control means permits the con- 
tent to be decoded and used based on the descrip- 
25 tion of the default usage-right information when the 
content includes information indicating association 
with the default usage-right information. 

2. An information processing apparatus according to 
30 Claim 1 , wherein the content which is permitted for 

use based on the default usage-right information is 
provided for the purpose of sampling, and 

said control means determines whether or not 
35 the content includes a flag indicating sample 

content, and permits playback of the content 
according to a determination result. 

3. An information processing apparatus according to 
40 Claim 1 , further comprising: 

sending means for sending a service registra- 
tion request; and 

receiving means for receiving the default us- 
45 age-right information sent from a license server 

in response to the registration request. 

4. An information processing apparatus according to 
Claim 3, wherein said receiving means further re- 

so ceives key information necessary for decoding the 
content. 

5. An information processing apparatus for issuing a 
usage right having usage rules of encrypted con- 

55 tent, said information processing apparatus com- 
prising: 

receiving means for receiving a registration re- 
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quest; and 

sending means for sending key information and 
default usage-right information in response to 
the registration request, the key information be- 
ing necessary for decoding the encrypted con- 5 
tent. 



Claim 9, further comprising a step of receiving key 
information necessary for decoding the content. 

1 1 . An information processing method for issuing a us- 
age right having usage rules of encrypted content, 
said information processing method comprising: 



6. An information processing apparatus according to 
Claim 5, wherein the content which is permitted for 
use based on the default usage-right information is 10 
provided for the purpose of sampling, and 

the default usage-right information includes a 
description indicating that playback of the con- 
tent is permitted when the content includes a is 
flag indicating sample content. 

7. An information processing method for controlling 
decoding and using of encrypted content, said in- 
formation processing method comprising a control 20 
step of controlling content use based on usage-right 
information (usage right) corresponding to the con- 
tent according to an instruction to use the content, 

wherein said control step includes: 

25 

a step of determining whether or not the content 
includes information indicating association with 
default usage-right information recorded in 
manufacturing or default usage-right informa- 
tion obtained at a service registration time; and 30 
a step of permitting the content to be decoded 
and used based on the description of the de- 
fault usage-right information when the content 
includes the information indicating association 
with the default usage-right information. 35 

8. An information processing method according to 
Claim 7, 

wherein the content which is permitted for use 
based on the default usage-right information is pro- *o 
vided for the purpose of sampling, and 

said control step further includes a step of de- 
termining whether or not the content includes a 
flag indicating sample content, and permitting 45 
playback of the content according to a determi- 
nation result. 

9. An information processing method according to 
Claim 7, further comprising: so 

a sending step of sending a service registration 
request; and 

a receiving step of receiving the default usage- 
right information sent from a license server in ss 
response to the registration request. 

10. An information processing method according to 



a receiving step of receiving a registration re- 
quest; and 

a sending step of sending key information and 
default usage-right information in response to 
the registration request, the key information be- 
ing necessary for decoding the encrypted con- 
tent. 

12. An information processing method according to 
Claim 11 , wherein the content which is permitted for 
use based on the default usage-right information is 
provided for the purpose of sampling, and 

the default usage-right information includes a 
description indicating that playback of the con- 
tent is permitted when the content includes a 
flag indicating sample content. 

13. A computer program for performing an information 
process for controlling decoding and using of en- 
crypted content, said computer program including 
a control step of controlling content use based on 
usage-right information (usage right) correspond- 
ing to the content according to an instruction to use 
the content, 

wherein said control step includes: 

a step of determining whether or not the content 
includes information indicating association with 
default usage-right information recorded in 
manufacturing or default usage-right informa- 
tion obtained at a service registration time; and 
a step of permitting the content to be decoded 
and used based on the description of the de- 
fault usage-right information when the content 
includes the information indicating association 
with the default usage-right information. 

14. A computer program according to Claim 13, where- 
in the content which is permitted for use based on 
the default usage-right information is provided for 
the purpose of sampling, and 

said control step further includes a step of de- 
termining whether or not the content includes a 
flag indicating sample content, and permitting 
playback of the content according to a determi- 
nation result. 

15. A computer program according to Claim 13, where- 
in the computer program further includes: 
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a sending step of sending a service registration 
request; and 

a receiving step of receiving the default usage- 
right information sent from a license server in 
response to the registration request. 

16. A computer program according to Claim 15, where- 
in the computer program further includes a step of 
receiving key information necessary for decoding 
the content. 

17. A computer program for performing an information 
process for issuing a usage right having usage rules 
of encrypted content, said computer program in- 
cluding: 

a receiving step of receiving a registration re- 
quest; and 

a sending step of sending key information and 
default usage-right information in response to 
the registration request, the key information be- 
ing necessary for decoding the encrypted con- 
tent. 

18. A computer program according to Claim 1 7, where- 
in the content which is permitted for use based on 
the default usage-right information is provided for 
the purpose of sampling, and 

the default usage-right information includes a 
description indicating that playback of the con- 
tent is permitted when the content includes a 
flag indicating sample content 

19. A content usage management system including a 
content using apparatus for decoding and using en- 
crypted content, and a usage-right issuing appara- 
tus for issuing a usage right having usage rules of 
the encrypted content, wherein said content using 
apparatus comprises: 

sending means for sending a service registra- 
tion request; and 

receiving means for receiving default usage- 
right information sent from a license server in 
response to the registration request, and 
said usage-right issuing apparatus comprises: 
receiving means for receiving the registration 
request; and 

sending means for sending key information and 
the default usage-right information in response 
to the registration request, the key information 
being necessary for decoding the encrypted 
content 

20. A content usage managing method for a content us- 
age management system including a content using 
apparatus for decoding and using encrypted con- 
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tent, and a usage-right issuing apparatus for issuing 
a usage right having usage rules of the encrypted 
content, said content usage managing method 
comprising: 

a registration-request sending step of sending 
a service registration request from the content 
using apparatus to the usage-right issuing ap- 
paratus; 

a data sending step of, jn the usage-right issu- 
ing apparatus, receiving the registration re- 
quest and sending key information and default 
usage-right information in response to the reg- 
istration request, the key information being 
necessary for decoding the encrypted content; 
and 

a receiving step of, in the content using appa- 
ratus, receiving the default usage-right infor- 
mation. 
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content reproduction is enabled according to 
the default usage right information. A client 
allowed to perform test listening is limited to 
a client who has performed registration on the 
license server and has default usage right in- 
formation. Thus, it is possible to prevent flood 
of test listening data out of order. 

(57) =1 >T" > % ;/(&*l]ffljt1f fglC 

^7-f7> hits ^-f-tZ>X-t — /NIC 

z&m&mof&izT? * )i> bmm 

^JSSx (Default Usage 
Right) =i >f >7(DS 

£^-T7> hi*. ^-f AlCfcf 
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« 

1 

m m m 

15 

i^^T^ — ^ (^T> ^frb 5: = ZsTlsy (Content) t (¥-£) 4 
* v \*m<D* y M7— ^ , fcSVMi, 7<^y#— K> HD, DV 

D, CD^^^SW^^lam^^ : S:^^«ii^^^^^:^oTV^?, 0 r. 

20 tlb0^ii=i ^v^^te, 3-*- if^Bf P C (Personal Computer), 

ib#s^s w&^/bs*. fcsvMay— A«s§rt©iB«3Mi\ 8i*.fiH 

D, 77 j/Va^^P ^r^Ti-5>&— KMlBflUStt. CD, DVDf 

I 

HD , DVD, CD^ICT^t^tSfcftO'f ^^7x-7*f = 
mt Ltfffl RAM, ROM^SrttS. 
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2 

m&"r—$, ^sv^^n ^ j^mcDm*?*^ ^"r^v 

20 y&mm-f-Zo 

25 
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3 

-a-^. ;§?£©=» yymm^.<D^-^ y *«H£«rfTfc*.wu mmm^M 
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4 

at ^- as $ ft tz. >• t > y <o « # s. t* f u m * m w -r z> m ft «t a & c t? 

(usage right) ^c:S-^V^T^ >" ^ <DfflM trfflffli- 

^ia^^^^S<5v>-rStflB= ^^^^^^^ L> fUffi-rs r £ SrfFpTi- 

15 
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5 

W%-&4k£fl1t =i i/^V^OJpJffl^i* (usage rules) 

io $ e>tc ^w^iim^a^tt^— ^isa^^*3v^T, ft* is x ^ 

15 

20 (usage r i -g h t ) »C*<5< =^^^yfUffi.*rfW«'i'5fW»^ 
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6 

Pt-i-fk^Hfc^V^^^^^J^^^ (usage rules) *SfB 

t$'[tf&£. f7*^ b^it fimsr^m-rs^ff y ^£ ^ 
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7 

(usage right) K£^< ^ *T * S^Jfl «r««"f 5 M 

*l 6 9* -7 * 7V v mm mm n * r s am* x * t , t * 
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8 

Stria -y tf a — * «^n^7A(i s £ b^. atria = ^ 

5 $ b »c % &3&m<on 6 ©m^u 

Rt-iHb^fc^^X^S'WJJB^tf: (usage rules) 2*IB 

£ biz:, ^BW©^ • 7°n A© — *SV*T % 

20 $ b xjc^^O^ 7 ©4!lflSfi. 

t> Bf-i-^b^^^a^^ lsy<D'$m3kW (usage rules) ^ 

f I ^ t- A -c & o X s 
25 iitrfB=»^x^y*iJ/B^ffite N 

tr^^©»ftR*srafe« -t-s mm ^m. t s 
gtrta^jffilt^ff^s^, 
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9 

£ % BfF-§"ffc§*vfc=* ^'T^y (D^m&fc (usage rules) 
flv/^r A *5 6 = ^ V S> jpjffl fl^ftt? *> o T . 

SfBJ&JS^I&fcT*^ */V h^fJ^tSffif* (Default Usage 

Right) iSftLs ^ ^T^y-<Dffixmm&&frfc^&,im&m<D<m 
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10 

KB [EKB (H)] = yf i'S'SRUBiJ-'-tf UTKfc* ft 

1t#T=fV y V - l^Mt^EKB £ Lt©t-t^MifrEKB [EK 
B (S)] ^SttSjE^DNK^ttSa-fO*^ 3 ^^^^ 

|2lt ^7^7y *5«fctf#f— fS^^TA©fMJ^ 
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11 

KB) © 0I| & 5* i~® 

05 ft. ^VT^^-^WSHb*-^^ (EKB) fcfcfflUfc 

^07 ft. ^ny^ (EKB) ©^^©*l**r»W«BBtf 

So 

0 s ft. y p ^aritmaa tt s * ^ p * H -c *> 5 . 

Hi Oft, y y-WrtK:*^**^^ P»««>**«* ttWi " 5,H " e 

IS fx ^as^ Ml ^ 13 - 13 T *> S c 

013ft. *fcr4W*«aK:43»t5#^^-<7-< 

mi 4ft, wa^^^j.KiaavN-c^ff-rs^e'^a-KfFRrra^w 

p -BtfifeS. 

HI 5 ft, 7^/^^-**^*^" rB, " C * >So 

01 6ft, ^7-rT^hK*3VNX^-rS^Sb^T^/vi-S^<T^ 

01 7ft. it— flJB***©^-**^**^*** 
01 8ft. n^x^^mA^a^^^S^^^v-^y^^^^tr^S 

Ell 9 ft, ^ yr y iX"fc5 = 
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12 

m 2 ote, ^mt*--?* ^(ekb) ifc^yfy^tts 

H 2 2 (is wm= ^^yS£*i3©fcK&KW-^SBt?*>5. 
HI 2 3 7'fty7tfcH:3yf>'S'©^y^7s'//!) * 

5. 

@2 4li> y^hr»iS*77^^ [restore, d a t ] © 

028 {is IJa^y K77^/^Ml7n-l:*t0T*fe5, 
02 9^ y * V F7 7.-f/l'4^I®^t0"C^5. 
|2 3 0« N U3^yK77-f^WJ^*t@t*fe5 0 

m 3 2 y = * ^ F77'f^ c f i M^^^ ::3y ^ y:;/ ^ :77/f 

HI 3 3 Ht N V a* is F77 y /^Sf bfc^ ^-fT^McSJfr*^ 

Hi 3 4 K77^^itfc^7^ry Mc&tts^'f 
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13 

m w & mm-r s fc & <o m & <o mm 

3. E KB L7t^ — t^ia^ii 

io 6. nyfyyiAfci^l^I 

8. y3^K77^^ia53yj^©z^iai 

Cl. nyry^Sft^^r^IS] 

i5 Bin, *%w%mm\^fr^>Ty.ymmisx^ j±<DMm&uw~tz> 
pc, p d Km,&m<D-m nmmmm^^^n^ a ??4T^h i cm, 

y7h^x7tLT7 ? 7!>f 1 U * 7-f T7 h77!J ^ 3 7 12 
20 L, C PU#(D$IJ#^^^ J: "fy !7if 1 1 , ^7-f77F77 , ]j 

7 1 2fiil(7)7 B n^^3 l ^^fT^^5 0 

;7 7^7>h77 e !)^-^3 yi2ft, ^7^77 M-:fc{7 5 = 77 
25 v^^^fijffi^tt^^r-^tf ^-Yir^^'lt^o^#^Ss =*7ir7;y:}3j; 

mmmm, 37777^411^1, £>^«, -&is{f£5©^7^7 
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14 

yry^^MS. ^-fe^iT—^ 2 2 te, ^ 7 -f T ^ V d^Jffi-T 

re, M^crlA^yry^^stsMim?, 

iy77A 3 1 tfSMfcStLS. fl^^ A 3 1 ^ 3 iX^-^2 
1 & &.ttttft1tf y^T^V 1 0 a> £> tf> = >Ti/y^-£fctt1rZ>ftTiS 
i»iUtftt5F?^^9ViD (tid) tf>3§fT*Q.S> =^ 

31fts ^ v^It-— /< 2 2 KStUT, ayryyofllffliifftit 
T©5pJffi«l7*— sage Right) ©SSfTtT RTSrfrft 5 . -tb 

>7y7yMO{i, y-f -ferv-^f— ^2 2 ^ ^fijffllto^ 

y ^12 OM^^T^HtTb. ^ 3 S> ^f— 2 1 (O^^ h 

fl»*©DB**3J:-0«*aF*aa»N ^-f7yf7^D v'a ^ 1 2 OfljiJ 



WO 2004/010307 



PCT/JP2003/008267 



15 

^ii#t$tbs ^7^f7yM o ©^7-f7yf7^!)^^3 >- 1 2 a*, 

mt-t-ZftZXOmmmt LT> ^fb^r-^ (EKB : Enabling 

Key Block), 5*^* • ^ — K • (DNK : Device Node Key) «f 

Oif-^«t5„ m&fc*-'?* V9 (E KB : Enabling Key 
Block), T^-f* — F-^r— (DNK: Device Node Key) ti N = 

>- ixiOffl i * * tff-JHi £ Mi" 3 ft ^-efcSo ekb, 

3 y7yy^JI^#l-i^t|IJIi1f# (Usage Right) 
&£/&LT^-lf7*'M * 3 0 fcllltfti- 5 0 $ M-s fl^^T^ 3 1 
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<Dm$iir%-T'/<'< * / — K^F— (DNK: Device Node Key), ^^Nfc^r 
— ^ (EKB : Enabling Key Block) InS^V^T*^^- If^f*-^ 
Sr^U^7-f7yM0lcfit5o ^-tf^T* — ^f4 N Bf#-fb=3 

5 (SDNK) ^^Ot^^'/o>7i!' (EKB) £-^tf 0 

<f T ( P M : Portable Media) (D^C (V^^S^^iX^T^h 
10 (Check-out) $Cfc;fch&) ©fHK^tfSfcS. ^^//^7^ T (PM: 
Portable Media) fi^J X.f£~7 7 yVa^JJ, * J±/hMH D , 

TteSS^C^V * ^ , MD (Mini Disk)^ N — * * 1^*3 

15 Hi 2 Sr#fig IT, 10, v-a y 21 N 7 

J -tel/sl-?- — 2 2 , =1 ^f^S'lr — 2 3 N flV^ T" A 3 1 i tt 

20 

*t , m 2 &m^T&u*T j*<Dm$.M\z^^xm.wi-z>o cpu 

(Central Processing Unit) 1 0 114, ROM (Read Only Memory) 
10 2 ^faift^HTV^^ffi:/* tf=7 A, £>5V^4, IB It SB 10 8 ^fe 
RAM (Random Access Memory) 1 0 3 n — K $ frlfc ~? P ^ 
25 7-M£fl§oT#1tfl!.3g5r!lfrt-5o * 1 0 0 {SfH^S&fT ftV^, 
^ a ^^f^lrCPU 10 1 »c#f#&i-5 a 

ROM (Read Only Memory) 10 2 {4, CPU101 TfifeM'tZ Zfn 
?7 A^|I|0^7^^sl^f'-^^lit5 0 RAM (Random 
Access Memory) 1 0 3 f4, CPU 1 0 1 CUfrlu^V^Ttlt 
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tib&m^Kc pu/^/i if ^e>«^$^«^^ i i i t-<fc o tern- 

_ K=¥— (DNK : Device Node Key). ^T^J-ffc^ — ^ ^ y ^ (EKB : 
Enabling Key Block) Oig/B^S £ LTs M X. fiD E S (Data Encryption 
Standard) (Dlfe-^ikT V XA&5iffl brcRt#«!iS. MAC£j&. ^ 

a^^y^rgjl o 5 f± , {fijttf ATRAC (Adaptive Transform 
Acoustic Coding) 3 MPEG. JPEG^S^ 4a^©7 f '- 

111. AfcH7J-f ^^^^-^ 112. F7-f^ll oSr^U-CU A — 
^^/vfBlg^^ 12 1 ^bSfcfiiiif n 10 9 LTA*t5o * tz. 
®>mfe<Dr* — # fix ^HiSCTs U A— ^^/vfBIS^fls: 1 2 ltel&jjft 

20 

AtU^-f ^ — * 1 1 2 — 7j?— K % ^^#<^A^gl5 1 

0 6, CRT, LCD^Of-f^T'W, * — 6> ft <5 ffi *FP 1 

25 m&ifr ufc^*— ^aisflr 5„ 

[2. @a-ff$£/&£ l/to^ y — (#) fl*affcoi>T] 



5 



, 10 
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(Broadcast Encryption) ^^(O— 5 V V — «J&^ «fc 5 

® 3 oftT^^^-r^-^^ o~i 5 j65 n i/^r i/-ym% SrfTft 5*7 

7©!J-7dr^^b^5^-ty h * y — K^r— (DNK: 

Device Node Key)) £ y ^E- y l^^l - 5 0 gl 3 ©tTS^'^fK 0 0 0 

o ~k i i i i &&7^4 ^o~i5 \z^rfh^enm x> mx bntc v — 

15 @5 (y — K) l-fB*c£;frfc^- : KR-Kl 1 1 ^y - K^-iri^o 

m 3 KiT^i-^ y — m$.fc$$\,^T, mz-&7*/<4 * o f± y 

OOOt, y — F*f— : KO 0 O, KO 0, KO s K R SrEff^-T 5 o 7 s 
/<4 75ftKO10U KOIO, KOI, KO N K R ^rfjf^'f' 0 7 s 
20 /«-f X 1 5 {i s KllllxKl 1 1 , K 1 1 N K 1 , KR^rBf^i-^o 
t£$$s El 3 <D y V — X7)5 0 — 1 5 CO 1 6 fl§ CO ^lE*i £ fr, ^ 

25 

DVD, CD, MD, 77 yi/^*^)) ^&femi-%M*tj;?'( 7°<DT' 
*4 ^^-g-^tLTV^So ££>K:, t^?*7/!)^i/3>t-k^^ 
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vv-Cs M^^m 3 ©^>m-eigAyfcg&£\ i-ftfr^T^-r * o , i, 2, 

15 1, 2, 3 Sr 1 o©^-y i: UT-ffi UTf-^ SfelSrH 

^ts Q r © i 5 tzy>v~ -^tts in 3 ©$>• y -tfiJiM^ts. =^ 

20 
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20 

te-£**L5 3o©7^^ 0 , 1, 2, 3 (DN 
K : Device Node Key) t U T <£> — K 0 0 N KO s KR^r^tfX 
^^f^y— Kdf— (DNK : Device Node Key) ^rf^^i-5 0 r©/ — 
K^r— *^T*^%^Jffi-rs^i:tc«fc 19, flu* — SttVW^o, 

5 1,2, 3®*fc:«flrrS££#-HriBi:feS 0 fcirx.fi. *5i^«Wi- 
5/-K^K0 0li, 7^70, 1, 2, 3 fci&ii-rSi&^dr— i 
3&«o Kffcft^ — K n e — K=¥— K 0 0 T'Bt -§-fb Ufc-flSCE 

nc (K0O, Knew) Sr. * y h !7 — * £r;fr LT £> 3 V>f±fB»jft#: 
(CMIT7/M^0, 1, 2, 3 ^ffi^J-ftLfi, 7*^W * O , 1,2, 
10 3©3*tfS N -?r^T/-^^07 ? / -i N-^' t£:fc5 V^T'j^^'t" <5 Ik'fc J ' — K d r w -K 0 0 
£^-CR£-*§-E n c (K0 0, Knew) V^TSPrfc ^r^- K n ew 

£r#5 w t &*IMk 45. 3&*5 N Enc (Ka, Kb) fiKbSrKad 

15 £>5R#,& t fc&V^. 7*s<4 * 3 O^fWf^li : KO 0 1 1 , 

KOOl.KOOJO.KRWf ) JJ:«t t> ^^f^tbT* 

MLfcr £flS3BjfcLfc#£* N -€r*bE*fes iX^^A (y^-f^O, 1, 2, 
3^^/1—7°) -eiUgff j^St* — * Sr^5fcae>H:^ 7*^-f * 3 £: 
•^A^b^O t) M1n&m&&5o fcfcltt, /-K^-:K001, 

20 KOO,KO,KR%^|ljjft4ttK (t) OOl, K (t) 00, K 

(t) o,K (t) RfcH#fbx 7*^4*0, 1, 2\c^(OJLfSr^—- Sr 

r r T*> K (t) aaafi.HKaaa ©ittf^I 
(Generation) : t <£>Hff3r — "Cfc 5 r. £ Sr^i~ 0 

25 M^f^r— (om^j^m^^x mm -f-^ 0 <D^mt±^w?tiz^m 4 (a) 

te^-t^^Kb^r^-^P $> ^ (E K B : Enabling Key Block) tPpfi^S 
y ff—* let oXMf&ZtiZT-T'ju&fz. t y M7 — * N 

fc5VM3fB^£f£«|fiLT^W * 0 , 1, 2 5 £ £ ^ io 

T^fT£*l,5. ft*3 N ^TSft-fb^ — y ^ (EKB) fi N 0 3|:*t± 



WO 2004/010307 



PCT/JP2003/008267 



21 

-T'P y ^ (EKB) f± % Hfr^o (KRB : Key Renewal Block) 

t p?iftis n t 

5 

04 (A) K7f:1rm%3fc* — y*y? (EKB) Kfi % V- K=¥ — <£> 

*0, l, 2\z.te^X, ISklXt (D^ms— h** — %W,rt-rz>^b%:BW) 

0, tV^* 1 fi, Hffy >- K=¥~ i: LTK (t) 00, K ( t ) 
0, K (t) Rtf&mX'h Y) , * Ilf/-K^-i UTK 

(t) 001, K (t) 00, K (t) 0. K (t) Ras&g-CfcS. 

15 04 (A) ©EKBI^^JXS J: 5 ^EKB^^^COPt^-fb^ — & 
-g-^^-So ftTfkOBf — »*x Enc (K0010, K (t) 00 
1) -C*>5o iiltt7>M^2©to!J-7^^K0 0 10}Cj;ot^ 

^-fk$H7tjE^fy — k=¥— k (t) o o i xh y> „ * 2 te, @# 
©jlo y -^=ar-^«t o-r r. oflf-JHb^— zm^v, K (t) 0 0 1& 
20 #5ii:^-ef5, £fc, 'fe^Xc i 15 |#fcK (t) OOUffiv^, @ 

4 (A) ©T^b 2^g OBf^-fb^r-E nc (K ( t ) 001, K(t) 
0 0) &«-J§-FTf&i:fc 9 s H$f/-K=¥-K (t) 0 0^#5i^St? 
#5„ ^TH1^> HI 4 (A) <D±frb 2WC g £>fl£#{b*— E n c (K ( t) 
0 0, K (t) 0) £m^U M0f/— K=3r-K (t) 0, 0 4 (A) 
25 <D±frt> l&CB<Dm-%-fc*c— E n c (K (t) 0, K (t) R) $r^-5§- 
IK (t) R3r#5„ — f'^^KO 000. KOOOlft / — 

k^-ko 0 0 \zw.m-rz>tt^\^&nx&bT > stf/- K^-t l 

T^I^©»^ K (t) 00, K (t) 0, K (t) RXhZ>„ X'M 
^K0 0 0 0. KOOOlte, 0 4 (A) 0±^b 3 Wt i ©»t#fb3r'- 
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Enc (KOOO, K (t) 00) ?:IflK (t) 00, £r$l#L, 
£*T> 124 (A) <D±frb (D^^-it^r— E n c (K (t) 00, 

K (t) 0) £r^U jSffy-K^r-K (t) 0 N HI 4 (A) <D±fr 
big B OHf-SHb^-E nc(K(t)0,K(t)R) Sr^LK ( t ) 
5 R&#3 0 i©i5ttT, x^-f^O, 1, 2«Mffbfc:llK (t) 
R3r#5 - £ 5„ fc*3 % HI 4 (A) ^-T^^^^^fi, — 

EI 3 KTF-f-y V — M&<D±tiLWz<Dy — K^r— : K (t) 0,K (t) 
10 R<DW.%r&^mx-tb t> > / - K^f^K O O ©^©Ilftoli^g-c^s 
M&fcn, 0 4(B) om&ifc*— 7* V? (EKB) 3r/BV^5^ tX^ 

~W.Wi; — K3r— k ( t) oo^^o, i, 2 icia^ji-§^ £ a§-e 

15 04 (B) C^tEKB (is M%.t£1frfe<Dy;l'~- '7\ZL33\'>X&&'tZ> 

H 3 ^^t«sit»^i-^^— ^rt©^^^ ^ o, i, 2, 3 asfcaiB^&flE 

SrfflV^Ti5!5 % ^fyt Jfe^jg© = Vt" — K (t) c o ntf&MXfo 
5tt5. f^'f^O, 1, 2, 3 tf>*ii©y— K3r — K 0 

20 O^rHffbfcK (t) 0 O Sr^Tfffc&^ii^Hir^ yfVS'^ : 
K (t) c onlrlltffttfcT-^Enc (K (t), K (t) con) 
£rll|4 (B) i^fEKB t t ^^@S^?i-^c r OS* J; !? N y^^-f 

25 

f^^>*)s 7^-f*0, 1, 2tt.EKBSr«LILT#feK (t) 0 0 

©BSf*fb«*{k:fcjfiffi-#-5 ^7yy^K (t) con^ns:^ 
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[3. EKB^tffl bfc=3f — (Om^l 

5 n yfyydf- k ( t ) con SrWS^fcSWi: LT, K ( t ) 0 0 £: 
5 fflV>Tiffc^*ii©=« ^x^^^r— K ( t ) con £rR£-*Hfc Lfcx-^ 
Enc (K (t) 00, K(t) con) t04 (B) t^fEKBt 

B lJl«fc SBf-i-fb^ y-fe — S?7*— * = l/*rl/y**- K (t) c o n t b 

10 

t ^CEKB £ B teifa UV^/-K^KOOO* 

m^T±i£bfc£!lMtf>EKB*Q!SK:J: «9 > / — K^-K (t) 0 O £r 

«#b^H*fy- k=¥-k (t) o o zm^x^m 

15 a^T-^^dp— K ( t ) c onSrSf LTs 'i^tllrf ffit5fcfe{Jl 
g^fctftfSf^o!) — 0 0 0-t?Bt^UT^^i-5„ 

[4. EKB®7t^5'h] 
Hi 6 ^^f^Kfc^r — :/u y 9 (EKB) <D 7 Or — y b M Sr^^c — 
20 v? 3 y2 0 1ft, — j/ * (EKB) — S^a ^Sr^i-flfc 

S'JdF-^&S. J&*3x — a ^«Sif©E KB *«giJi-5ttllSei: = 

t <Dtt!fcm&*^-tmm&i&<>o r'y^n, mshik*—-?* y? (e 

KB) ©SE^&^x/^^^-^SI^Jiy P -©pg^fcSr^i-o 7 s —* 
zK-f 2 0 3 » N &%}4k*r — ZfX2 y? (EKB) 4> <D*f*- $ U<D$LW: 

25 sr^-raw i/?x*h r> . *^-f 2 o 4 te*^gB©&fi N 
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Wifc* — °7uy? (EKB) %?mtti-Z>ffl%7F LXV^5 0 i<DB#©fr — 
^fi, El 7 (b) l^fipl^iS. r (D ^ # ^Bt-^-^^r— ^-a ^ 
fr5 hy/; - K©7 K W^^r h y/y — K7 Kl/^ fctS. 
fi N /W— h — (^Hif^^-K (t) R^^$tltV^5©T, hy^;- 
10 K7KV^IiKRt*§„ fatfft±t©7-^Enc (K 

(t) o, k (t) r) «u ni7o (a) \^-rmmyv — \^-r\±w 

\z.hz> 0 ::t% ^©^—^{4, Enc (k (t) oo, k (t) o) 

•S-tes ^^^0 N fc^ii^ fit 1 *L5 0 ^^(4 {2E (L) ^\ 

15 ( R ) $ t LTKt^tia o ^±^©-7^— * E n c (K ( t ) O , 

K (t) R) <D2z\Z. nT'—?^h&(DX\ L # f= 0 N ^JCWct*— ^3* 

0 7 (c) ^^-r^-^^J> *3 £Tf Z>o 

20 ^^(±s X — ^ Enc (Kxxx, Kyyy) V V — <E> if * \Z. 

$tl5^-T-^En c (Kxxx, Kyyy)... (4, ^M^Bt^"fb 

0:Enc (K(t) 0, K(t) root) 
00:Enc (K(t) 0 0 , K ( t ) 0 ) 
000:Enc (K((t) 000, K(T) 00) 
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^ y h !7 — ^ ^Ir^-r 5IEff ^^*5V^T(i^* b< ftV^ 0 r^^^L, ir 
^bfc^^"^^r— fig^^i"^?!^-^ £ LTfflV^ w t t i !) , 4>ft 

(Signature) 2 0 8 ^ tM^^^P ^ (EKB) 3r 3§ ?T b fc 

ir > -y- — ^ , fe^vMtv-a y^iJ- — /^d^fri-Sfll^fl^-efoSo 

5/^ (EKB) B^aSSgfTUfc^te^-^n 5^ (EKB) "CkS 

[5. ^y-<D^f=>'y^I] 

$%my y — ^3t<^^-t^^(±. b =*r — K r o o t 3 0 1 tfWt'feZfh^ 

U-f<D*m$S£\Zte/ - K^r— 3 0 2 &Wtfe&tl, ftTSttt, y— 7=3r 

K3 0 4 t LTis^-f-^o t^^^mi©/- k©^* ^m^ti^ 

=£}) (Ot'*4 xWifeS — Ktt5„ ^M^o l o<D/ — KSrH^^ IT 
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-r^fcLgs-rsy- K*3J:T*y — ? its. 
m 7L \tm 8 (owzmwc p©io©;-K3 o 5 m»* ^ =? y c^^y^ 

^t5:^m5. {sjilfSt/^ti 5 t-^-r ^ y y 
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li—Zfvyt (EKB) Sr^fifclTEfflr U / - K«T©9*^>f * 

^ y _ KS:ii^t-r5*aift^-^o (ekb) fc»aic^Bfcu-Cs 

*--f K^-Hfr£lH?Ti-5 r. trt*t?# 5. 

mt^-it-tz^^^x?" v ^ v N ofc^r=f y ^^gfc-f-s* tut, r. 

24 (1)1 6^^/) <Z>U- — if^^n^>f ^*>5V>r±1^ fc - t**££l^i~S- 
t&X*%Z>„ * kfc^ *fcTfl!l<Z> 3 2 SO PBS fc: <£ 9 > 2 32 (Jfo 4 ^tf) 

M^i~S=¥ — DNK (Device Node Key) £rfllE£b> HrT48:<£ y — 
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7 I D # s P — ~7 I D t £*b3o 

B©*«©y — K^-*>«v>r±9 - -?*-k£^x myitis tb, EKB 
y &5 vm-±i^# =f y wl<d i o^H^cy — K^tits^ — > 

(EKB) HUgC^lT, 11^ / - K^T^it^T/^ * fclBft 
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9 )V— Y /<- K3 5 OOTSI-T^fA;"- K 3 5 1 *:^^L S 
^©Tt^Tt- If K 3 5 2 N *3 £T/T/> — 3 5 3 

^i"<5o T^- K/— K3 5 3 Srlg&i: Ufc^ U — tt % =L—i?7*s<4x 
V — 3 5 5 t LTt£?£U m^Ztt^b VX$£?firZ>^~ 
KMl&EKB [EKB (H)] SrfBff i" 3 # 9 s " V V V -T'fc 5„ 
Tf-t*^ ; - K 3 5 2 Ufc^ y — j.*--^/^ 

tttSt^ te*tJ& bX3Sff-t"«^ - tr^MJt?E K B [EKB 

-'n ' — KM^EKB [EKB (H)], tf E K B [EKB (S)] 

(Device Node Key) Irtefrh, V — ~7 t>> h T S'* 9 s " <D / — K * X'<D 

[6. = y r ^ ^!iA*5 i ty^i^a] 
i^cov^■c, |g| l l &(.T£:#BS U-cmPJi~5 0 

m tt: o v^ T t£W -f 5 o 

v^y^hiUM (v-a ^y^^-v 5 ) ^I^WL (^^^7° (2)) T s 
X -f W (^fyT 1 (3)) t5. 
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7° (4)) SrfrftoT, ^9 ?iFS:?> LTfa y ^f" — ^^55*7*—^ 
5 {^*rv7 (5)) t5. SStf^-^fcifi. avf^lD (C 

ID), i/a ^^t-/^SiJ^ (Shop ID), *5.fcTCJ e l»A*fcH:WR 

10 g#«rgfii-5 fl^T^^lt, 3^jy^©ii©TOJ 
££rg^ Ur^ (6)) £©*UJM*fc«:, ^ry^ID 

(CID), is a y?- 3 *"- s+nW* (Shop ID) 

15 7Vf ^^3 y ID (TID) ©ISfr&LS (^7-7/ (7)) &Mft-t 
5o h7^f ^"Vs y I D (TID) OHfT^l©P»^il 2©7n 

20 38££L3fcK:£-^-C\ F7Vf^^ayiD (TID) #C 
}; v 77y7°S 1 0 2 JZL&V^T, £j£ Ufd b 7 ^if* ^ s ^ I D (T I 
D) ^7°tw^^^^tl/c3yf>y ID (CID) £ & 

ft Lfc b 7 ^ y I D (T I D) £ix a $/ r/iJ— LTtfclTtu 

25 ^fTi-^ 0 

(2 1 l <D*s— sr^xmizMZo fl^rAii, b^^if^^a^I 
D (T I D) N ^J&Lfc b 7 ^if^iXa VID (TID) t m 

1faffin*T I Dlf#i: s/^f-w^c^-ff U7^ (8)) i~ 
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T*fe5#^^. T I D-lttKm-g-^tLSflfffefcS-^VTx SI^^S (*^ 
5 <yz? (9)) ^Hfr-r^ 0 

15 (10)) i~^ 0 

W^^^^HE^JS (^^2/7° (11)) ^r^fT-f-^o i^^^-n— KfFoT 

20 

fli/^fAtt, £"f\ ^T>y7°S 2 0 1^C^5V^T^ gftbfc^!7^ 
n— Kt=FprS^fc-^^tt5 b 7 Vif ^^3 I D (TID) i s 3fe^^ 
$cL, f3lt£|H£&$3 b7t h^^if ^^3 ^ I D (TID) i^l#L, 
£ b^^^ 5»7S 2 0 2 JC^V^, fig IE L7c h 7 flF^ ^3 V I 
25 D (T I D) ^JfcLTia^£*Lfc=* Vr^y ID (C ID) &$t#U 
^Ty7S 2 0 3 t*V^T, CID ^^j-j^-TS nyfy7©^!)yp- 
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i^n— K*TBT»*fclE*&3S V? (11)) ©ts 3 ^^®^ 

T>^ n — KffiiT&e/g y/t- /^Ji^ttlltT {XsTv? (12)) i- 
5o ^ijryq-mirictt, byvf^i/gyiD (TID), =*i/T 

yn-^URL (C-URL). (L-UR 
L ) % nyryJ'ID ( C I D) N *J^*1»« ID (UID)> ^p°p ( = 
^7-^^) URL (S-URL), t-^ID^t^5. 



<5 o 

^Hfl^rAM^tfc b 7 ^ * ^ I D (T I D) N * 
^ 7" ^ b # s Hlf A&> £ W3:f$3i&~t~ <5 1:1 V> I D (CIDk fS^ 
^^Ad?^Ufc^^>-n- KfffBl*«fc«**t5^lfla«H»# I D (U 
ID), fliX^f^^^tfc^^yn- KfF^tf*^**!,*-?— 
tf^ID. 7^fty^t^URL, (s^T^SO URL S £ 

BUL-CKJ£U, ^^«r^7^7yf77°y7-Va^^j!sa-r, *H 
-^3 >-<gr£3© (T^s/T" (1 5 )) t5. 
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fiSb&Jgfcov^ 0 16 UxmBJi-So ^-r ^S30i tc*5 

10 *fU,E4t 3^-^ T*£>5o EI 1 7 (a) Vx'^—jKO-f* — 

mi 7 (a) &C^1-«fc5^ t-^f-^ 3 7 0Ctt, EKBEf 

15 I^B'J^i: LTCt 1 -^ IDs £ b^T^-f — K^r.— (DNK) «: 
/V"— b ^ — (Kroot) TN*-JHbU<fc7*— *N E (Kroot, DN 

3 Ki^i-j&s^^ (i 5) N (i6) ©a&sicatjfei-So 

20 

Hi 6 fc^i-^^y^s 3 0 1 k:*5V^ U tf i D^jCo-^— tr 
i^SSrH^ LT, if— fc^x-* £S:!fCi-3o 
25 iOlWl^t, f7t^ hftJ^*t'lf V^if — 
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5 0i7 (b) \zmmmffin<D7 £ -*M&m&7F-ir 0 mi 7 (b) ^ 

= >^:/y*fj&T*;fc5^§-^te> =3 ^^^^ ID, 

10 

ymwimmt vx^ Mzi-£nm-7 9?'&a-^ (on) tLt^^^c 

tCfiBI 1 7 (c) ^77^'3 7 3 ^|g^$^ ^7 

7 3 7 3^ty (on) oHitnyfyyT-fcti^ &M&ff*!£tl 
fca l/*r^VX*-foZ> r £ £r^L N »WS:7 7 (OFF) ©K!j£=i 

yfyyTfcM f^^l^ nT£*lT W£V^=i ^7" ^ t Zttt: 

20 i - . 

in 1 6 <Dfei7P-i:i t)77 , !)^-^3 ^jsw^so^a^ni^ 

<^T8M-f5„ 7,ry7S 3 0 2 t*5V^T, "T^^tM 
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T-rZ>t, xTy-fS 3 0 3 IC^VMT, v'a;y7*t^i^tltfcS 
^r-v-a yC9g»77^K'fc5l^lt X7y7S 3 0 4 ^il^lf A 

^t^^a— K^^^r 3 i^^^y^ — ^fc*M^*C*^T i**??? (2 1)) 
19, 3pJffl«tW« (HI 7 (b) fc|B«$tx^: = ^^^y I D (C 

i d) icMtsnyfy^tfcS. ^^yfT/y ^ 9ytt ^ 

ra^if^ID (CID) (Ci^yfy^^LXnyr^^!) 

iD^t53^^yi#*^^ryn:*« (2 

2)) t5. Pff-^-fba^^^yS:^^. 0 17 

(c) ^^-r<t 5 fc, 3^yy*-:KcTfflff-'ftShfc3^W 
7? : E n c (Kc, Content), ayfm-:Kc^ 
— b^-:K r o o t -CPf-JHfc bfcx~ * :Enc(Kroot,KcK 
$ bfc . ;V ~- ; Kr o o t fc&O E'K B . $ h K&M 
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zmmm^n (u s a g e Right) 

/^StLTSIff Ur^ (2 3)) t5. ro5*ftt, ffctefsy 

ttr«iiD (uidk * 7^ r> hmmy*-* t it© y i d. *3 

^*tl5f7^f ^'^3yiD (TID) AS^^ttS. 

— fUJEUMf # (Usage Right) ©tft 

io 4)) &frfc5o r (D^^i-tt, mmmmmi-D (uid), y^^-w 
v^3>-id (tid) as-^axs. ^srBR^?*Sfli bfc^af-— 

tfeXHB^JS^i: UT, fUJBffctim I D (UID) jc»jES-r«fllffl*#*' 
Ig^bfcJfc^'lf $&5r 9 >f * f fcitlfi (xTyzf (2 5)) t5. 

UfcSflJJBfStthfc (Usage Right) If^tT, ^ 7 << T ^ Y 

KM^xmn (2 6)) ts. ^33x ^^T^ymmgk&k 

20 

*IJJB*ftttr$ft (Usage Right) SrSfS lfc^7^7yhtt> 

Stic n ^^y-p- — /<36»6>Sft Ufca yryylco^T^ fijffi*t1f $R 

(Usage Right) ICR ft £ tbfcfUJB 3M*fc:£-^T = > 

25 ftff (Usage Right)I D SrJg^ Lfc =* ^X V ^S4S* (* 
fy7° (27)) fc. ^7^7^ b77°y tr—fa 

mz.ft^tz=i>'r>ym-&&Mft (^T -y7° (2 8)) t5. 
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# 7 *i T^S V 3 8 3 |JI*f LT= y^^g^t^^s £ £ ^ -f ir 

— 381^^7^7yF 3 8 3 \Z.y^^ly^ t LT, i^— tf 
— ^ fUffiti'lf^ (Usage Right) ^x.bJl5„ 

^ >-7^;y te s ayfyy^-:KctJ:P» flt-*Hb $tLT*s X) (e 
nc (Kc, Content), n yr y ^^r~K c (i, EKB^bl 
#"51 bB&A— b root frb'&bfcZ>* — 5 „ 

^^b^^-Y * «/ — K=¥— (DNK) £r^#L N L/cD N 

V^■r3yry^ 7T>f/H5E K B IT, /U — h=¥— :Kroot 

$ h SxW bfc/W— b : K r o o t Sr/B^T^ E n c 
(K r o o t , K c ) ^t^ttnyfy^^— : K c £r&#L N 

= ^7" — : K c %1<<1 £ 5 Bff#-fb= : E n c (K c , 

Content) ©f^l^^U-Cn 1ST ^ V trlfc# 5 „ 

■fr— * N ^J/B^gfim (Usage Right) ir^JE&f+tt 

HI 2 Of*, /n— KM/&EKB [EKB (H)]> 1?" — tf ^ fcfjft E K B [E 
KB (S)] SrSJB LTh^ ^^^^©tg-^^ajcS^ < =i yf V^flJ/B 

HI 2 0 ICtj^I?- — 1**7* — * 401, :fc«fcp^J/B*gffif$ft4 0 3 W\ =7 

>fty^t-/^7Sffit5f^^T?ab tJ . nftft = yTy5'7 7'i'^ 
4 0 2(13 yry^t-^/i^Sit^-^T'fc^. f-— tf^x — ^ 
4 0 1(t V —ymWf-t LTO ]J —7 I D, jg/B-$-5 EKBO/^v i 
3 ^> t-t^MEKB [EKB (S)3 ©H#te:&Sfft-?- 
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— t**»J&7*'«<.*/ — (SDNK) & N — KMJS*f=? V V 

V — IC^fS; UTft^S/^ h=¥ — K root' m £o-cn£-$Hfc bfc 
7*— ^E (Kroot', SDNK) lrMlTV^„ 

5 Pftftayf yy77>f^4 0 2tt, If — l^SfrJ&©# 7" !7 ^ P — 

KttJfc Kroot tr^lfi Ufc-^— t^*T^ 

EKB [EKB (S)]. A— h ^ — K root T*rzl/^^-y I D (C I 

d) £ s = v^>-yBt#^a^^tj«^^^a^3ijii-s ^v-r^y^- 
CK c ) £ >£Bt-5Hfc bfc 7* — ^ E (Kroot, CID + Kc), 
10 t>\ aV^^if (Content) £: = K c "CBf bfc 

7* — ^ E (Kc, Contet) Sr^tf 7 7 4 ^T* & 5 „ 

jut-it f&sr^ ^fyyuMtst^a v ffint tx*&ttt5^, 

20 

25 a^fxJfc 5 r. k&&& bV^ — *^*©SB«#£l:S:8f;fc1\ ^VcT" 

n ^ ^^^^^agig^j^fgVs^^^ ^^^V^-f ^ (PD) ^03. — If 7 s 
x\z.&\,^Xfe, 51^$ttfc'lf^^b^5fUffi^'lf^4 0 3£r=:/^r 
W (OM^f—Z k bT£>AV-f Vfy =3 
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rL — -tF-^/^-f ^ fi N |H 2 0 501 Kl&V^T, — K 

^^f^'f ^ 7 — K^r"— (HDNK) 4 12 LT, K*fJ& 

5 ©E KB (H) 4 1 1 (Dm-W&M&mff b N EKB (H) 4 11i>fc, 
^— KStJfc* y y ]J — »C^-JtS lt^^$ix5^- h =3r — K r o o 

t' Sr5t#i-« 0 DNK$rj|^bfcEKB©^aii, 3fcfc0 5«:#Rab 

10 #C&£. J*^ y /S 5 0 2 fc*3V^T. EKB (H) 6> M V) ffl b fc/l/— 
h 3f — K root' SrfflV^ts If — If * 7* — * 401 ft OBt^-fb^ — 
E (K r o o t \ SDNK) (D'&^Wkm & %ff b „ If— ^MEK 
B [EKB (S)] ©*&3a («■§•) tlffit^f^-f^y^K^^- (S 
DNK) 

15 

J//S 5 0 3 t*5V^T, tf— If;* 7* — *a>bft!9 Hi bTc-^ 
y^^y — K^— (SDNK) £/8V^-C, Bt^fk 3 >"T 7 -Y /l" 4 

0 2^{:ii$^fct^t^MjSEKB [EKB (S)] <D®>m 
fcHfrU t^t^^EKB [EKB (S)] F^^l&i^$^/ti7-— tf 
20 ^^jS^f^U V —Kttfc VXmfcZthZ/U— h^-K root?: 

D((C^f '^S 5 0 4^*5V^T, t^-t^MEKB [EKB (S)] 
^bl D ttj bfc^— h d r w - K root ?:fflV^T, Bf-*Hb = ^"7 f y 7 r 
25 Y/V4 0 2 rt^*&#i$tb/t-»f#Yt;x — ^ E(Kroot,CID + Kc) 
Sr'Sfeff L> = ^-r ^ I D (CID) t % a ^7^^^- (K 

C) ^Wlt5 0 

#c^> *t- y^s 5 o 5 h*jv>t, uf-i-'fb^ ^yyr^ A- 4 0 2 
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frb"®LY) m bfc=i i d (cid) ftmmwnftfcfcm&in 

y>s 5 o 6 jcfcv^-c^ Pf-*Hfc;= ^7^77^4 0 2^bl^) ffi brc 

5 3Vx>-^^r— (Kc) SrigffiLT. B|f 3yfy5'77'1 , ^4 0 2 
l£|&i!tt£^fdllf #^3^^^^E (Kc, Content) LT 

kb [ekb (h)] ^^T>vmm-y--'e*Ktti&isxm7£zti 

fc^T-=f U i'D-lCfJStSEKB t UTOt — tTjX 3tJ5& EKB [EK 
B (S)] ?r^^L^tt#IBtJ^^-if (CM ITliL, ^rtb^ett^EKB 

15 zttf-tsmtftZo 

If— tT ^^J&E KB [EKB (S)] ^If t5fcJ6©DNK, i"^ 
t>%SDNKfi, 3 ^^i/^^^Ufcif— tf^^-^ 4 0 1 h Ltil 
^■5Itg-efct)s tfcSDNK^]ES^^-K!)i7^0DNK, 
20 t>^HD NK$r^-i-5^^<D^^St#-5Ttg/fe^- KM^fnl y V 
— KMJfe VXWL1&-&ft>Z>^— h ^ — K root' SriM LTRf-JHb bTc 

b^t^s n (cid) mmmmmfrtby&nzft 
z> c i d t (D^r ^^->-^mm^mff-r^m^t ufcoT\ mmm-\nn4 

xtD&mmi* t-rzz k&-zsmtte*) ^ mm o it =• ^ ^ y 
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5 xmw-fz* 

^ (0l9#flS) £r&# LT^ 7^7 V h i/^^i^fBltSMei&ifft b N 

15 777" (3D) t5. £*Ltfu 3fcte* X>- h*sWWS*Srfrfto 
fen yfyy-c^s, 77^77h7/U^-^ 3 yfj;, 
D (CID) lc J: 19 =3 V^4rJg^UT=i v-^^-^^^^n— K^3fc 

6 3 1/7- 1/ ^ \zm b xmni~ 5 „ 

7 77" (3 2)) -T5 0 37 7^/^ h^Sff Lfc^ 7^77 M£ > 

ft a V7 i vSMc#i-5fS£8!ja£:SSfT i^^v^ (3 3)) f^^O 

^^S^^a©#!llI^oV^-C, EJ2 207n-^#ItTlftPJt5 0 
^^S/^S 7 0 1 fc&V^T. ^7-f77b77'!J^-v/37(i, a >^ 
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&:\ZXTiy7S 7 0 2 ^*5Vn-C, ttffl Lfcf-— If* I D \zMJfc-f&T~ 
-7 lr)V hfflmfetfi®. (Default Usage Right) (EI 

5 17 (b) mm) (o^mzmfc-tz. ^^a-^hmmmmmn. *?>c 
Ti/ h<D&mmmm\c -9—^*7*—* mi 7 c a ) mm) 1 1 

-cfijffi $ ti zmmmmnx h s 0 

10 

= ^Xi/^fsW^V^Tte. l^JJBtfMf* n (D e f a u 1 t 

Usage Right) & f& W i" 3 - t ^l£J|&|fifrfF"5J#M* tf fc «5 . 

15 

y*? Hr>\> hJpJfflti'If # (Default Usage Right) 
$ tbXV^ *7- y 7S 7 0 3 fcas^T^ f-yarJV hfflm 

«Ht«*rtftIEU 5pJ^«ltt#OfB»«r?fS®i-5o 9*7 hflljl tilt « 
Kite, ^^.rfftWt7 7^^-^o==^7 t ^7©W;|SI<l : "5T N feSV^Hf^liiBT 

^t^fy/S 7 0 4 i^joV^T. 7*7^-/1^ hflJffitlUt^ (D e f a u 
It Usage R i g h t ) <£>flJ/B 3M$lZlg^5V^T a ^7 #5?? 



**5 > = >'7^^^ltA^S^#^^V^^^^;S^^V^T 1 b, IH2 0 
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mmZfcfcjJT- V V V EKBi: ITOa- KMfiJEK 

b [ekb (h)] ts ^>-T^ymm^—^*^ttfo\^xmf££tifc 

5 ^T^D^y-tMtSEKBHTlDt-t^mEKB [EKB 

S©^^^^^-/^ hfU/Blf 'It# (Default Usage Rig 
ht) =i Vx^^ ©IfA:fcQ;S£#*>&V\ fW>*Q;3I©iH^ 

15 ©l^S^Wig^ ft 9. ifefc, l«^f^$;ft3^ ^ T:/ Mi, 7 

J\> bfljffift'lf (Default Usage Right) ©^$E3r 
¥U£LT, f-yirJV bflJ/BtS'lf ^©fB^^S^V^TS^SrfT^ 5 *H £ 

25 

[7. s<-y ? T y ~7° / !) ^ h7 #Q;3I] 

7^7^ b^iAtfc^ ^^>-^*fcfi^ V^^^fUffilt'tf 
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V x bTfeStts ^7^7^ h © = yry^IA^v fcSVMifig Alt 

-If^X-^s 5pJfflflHf«©S«t#> tl^^ls S>«VNtt=I V^^y© 

5 

S^x — ftiW^Sv' — ^>-^^JSrttW-t-5d^ Wit: 
ill 2 3 £*T£r#f$ L-C> ^<^7y//!) * f7fel©#atoV^T 

25 h T*f—$ <DM1% <D fz. #) <D T~ — ? 7 T 4 Sis t <D V X b7MI* 
Cres tore, dat] (^fy?' (5 0)) f5„ 

!J ^ h 7feII*7 T-f/V [restore, dat] c7)«^^rH 2 4 
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@ 2 4 tC^fJ:3 Kl. y * b 7&II*77-f^ [restore, 
d a t] tf\ EKBSBff ^ y — ^*5»t5^7>TT^ MfcgiJT*-* t IT 
©!)^-7 IDt, /NyVa (hash) #)J x. tfMA C (Message 

Authentication Code) ■ fl> b ft 5 ^|E^— $ \C «fc o T$t/3fc £ ft 6 . ^ =7 
5 -f7y h7/!J ^fi. flV^f At*tt«»«©*«:Iffi 

AC«r#ffiU V — ~7 I D irffciE/B-T*— **»6>fc* y * f7MI*7 
7" W [res tore, dat] :£j5£"2~ <5 „ 

10 P< ir — ^^|E^F^- (MAC : Message authentication Code) f± > 

X — * ©afcfitfeSEJB©^— * i 1X4^^5 t>©^j5'5. D E S Bff--^ 
*Qsa*fifeSrfflV^fcMACfli[4feJ5K^SrBI 2 5 tc^i~ 0 HI 2 5 O^^^^-f 

ftfc;* jyfe — v??rM 1 „ M 2 % • • • % MN tlrZ)^ i\ ^U^iff (Initial 
15 Value (^T. IVit5)) tM 1 S:MW»iftt5 (^©ii&mSr I 
Ut5). I 1 E SBf-^-fblfP^Att. ft (J^T, KUf 

5) Sr/BV^TRf^-te-r 6 (ffi^^E 1 i f5) 0 SfettT. ElisiVM 
2 Sr^f&^ifeaSl U t©tt)^ I 2 ^DE SH£-*Hb£P^A*b> ItK 1 £r 
m^xm-^lk-tz (ffiTJ E 2 )„ £*T> iftSrifft t>5g W yir 
20 — ^te^UTl£^b&3B&-;[te^-„ ft^KlffiT^fcENaM 3>-fe — SMBOE 
(MAC (Message Authentication Code)) <!: ft 5 „ 

UnMKDv'— 9 (*y± — v>) Klg<5V>T£jifeLfcMAC tg^ £ *X 
25 TV>5MAC £ ©Jfctfc&fTVV -iLTV^li, ^SEM^©^— ^ (^ 

123 ©^-<7-V^lc^ 9 E^lri»t5 0 * 7^ h fit, 7*7 >7if 
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(5 1)) U ta^^TAti, V * hT^-i?** 9 4T^ Y<D-Z?7 
W ^=rVf (5 2)) t5. fii/^fA©S^t5 V * V 

r ^<^. i ?( is ]) ^ h T^M^i^y 7 4 [restore. d a t ] <£> 

5 

[restore, dat] «r7y^-Kt5. P * t^TMIt7 
T^yV [restore, d a t] (i, i2 4 ttM bfc £ 5 

IDi:, ^JxJ-fMAC (Message Authentication Code) 
v" a ( h a s h ) It .£ o T1#^ $ 5 . 

^^v^T^ {i, y ^ b 7^11*7 7^ /V [restore, da 

15 t] igfits^ ^^r:/^*w-r3Mii&/Bv^ y-^i 

^M£I£ ; fT&VV git CO^EE ^Tvf (5 4)) &?Tft5o 

9Tv?'/ y ) * hrmoMWi^T'f MJiiUfflr (^T'^ 

20 ( 5 5 )) t5. jBtt^T'T^Wfll^ttN ife^BIl 5Sr#RgU"CttWb 
ft (77y7 (5 6)), jBSb^T'l'/KPlBS&x & 3 filftSK^K: £ o T 

25 wJ^siR^fts^^r y-f/3 * hrmny* A&jgwjb. y* 

hT^S^^fT ( ^ T" ^ 7° (5 7)) i~5 0 
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5 
10 

^te^Hi (xTy? (6 1)) -T5 0 £©»*K3fcK:H:^ ^ 

dS^fifeU^jBtt^T^/^*^^*^* f7^f^^3 ^ I D (T I D) 

15 

Lfc7-f ir f7^f ^^3>I D (T 

ID) tC£<5V^T. ^S'^7 5'7°/!J7> h7ffit^t^f^^O|l#-C 

20 y7" (6 2)) SrfT3&5. fSV^f Afi, I^C h^^if^ v-s ^ I D 
7° ( 6 3 )) i~5„ ^ftfiJ^ /*y?7 y -7/ V * h7Ml©^HHt(7; 

^«SJS#Sr7^"t^^f— ^tCSIflr (^777" (6 4)) f5„ 
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It-— tf * * § iJ MS ^Srgfl b fc 7 >f ± f * -f- — * W\ ^ * 

5 SrlifT {^yzf (6 5)) i-£ 0 If— B\ 5felc|ll 7 (a) 
VxmW bfc J: 5 fcs t-^7-^ 3 7 0l;ii, EKBEfty 

giJT-i: LT(Dt- if* I D> $ 6»lc-7*^>f *y — R3f— (DNK) £r/P 
-b=3r— (Kr o o t) T?B£-5§-ft; bfc^ — * % E(K root, DNK) 
10 ^f|i5 0 

15 =»>^^y©fl||AtC#JfcbT38fT$*l3 t^*-^ h^ijffl 

20 

^.-r-fe^u-— ^^e>-^— if* 7*— * N ^-7*^ hmmmmn^^m 
• a^t&sw (*^s/^ (6 6)) i-5. 

tov^tKwts. =< ^^©^ -y t v7°/v * b T^mmn (Dm 

nVTVyt^^l^LT^lT (7 1)) i~5 0 ^tU£ N 5fe 
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y tr — yii, ayfy^iD (CID) \c «t V a ^t- ^Je/t U 
Tayrvy^^o- K5**a^f ^yf^fc^ LT^tTt5 0 

5 I D»!i«-J4:i-S =1 v^^lf^S::? Mcigft {^"ry^ (7 

2)) ts. ^(D^is'r^ymnte, m^rfc=n/T^ry&<£ttmmx'&> 

Z> 0 fazm 17(c) MtTlfl Ufcfc 5 fc. =i ^rlsy*— : K 
c -CBf-^-'fb ^ tl/fc =a l/7 L l>'y7 s '—# :Enc (Kc, Content). 
=i yfvy*- : K c £r/P — h ^r— : K r o o t "T?B£-£-fb U Hi?*— ? : 
10 Enc (Kroot, Kc). $ b : Y : K r o o t £r ®t# 

tifcfeOEKB, & b«7 7^7-^> If;* I D^otima* 

15 5jpJfflttHH$R (U s a g e Right) ©M^^7^ty^f- 
^IcML-CjUff {*Tv~f (7 3)) t5, j&Wj^T'-r 
^ (0 1 5#i) 'H-^TfcfrS^JJBttl** I D (UIDk ^7^7^ 
MH3ij7-^itT©!)-7ID, h^yf^^ayiD (TID) tf* 

20 

jpjffi^glf^ (Usage Right) ©$t# 

4)) SrfrfcSo ;i<E>553fctz:W^ fU JBftr If fft I D (UID), h^^if^ 
v^a^-lD (TID) ^I*i5, &3tflB£*r£«Ufc*F3ffii>--'<ra. 

25 mxmgjfc&t lt> #ijb«h**rid (uid) ^^i-5fu^^#^ 

KjeLfc^timSr^ ty^t- ^Ki£{f (xTvzt (7 5)) t5„ 

Lfc^JjMlf^ (Usage Right) ££jE& Ut, * 7 <Y T ^ h 
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fcSt LT SIS fx (77^ (7 6)) t5. ftfex = ^7 t ^y^Jffl^# 
5 Jfljffltfittf ^ (Usage Right) Sr^fil b fc ^ 7^7^ 

[8. y = ^ ^ K7T^/^^<ts = ^v i ^^^>~^iaft] 

iBflla i'^S'S'SrSfcU*:* 9>f T ^ h fcife^T t> iES &=» ^ I'S' 

25 
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gaff B^w^^a^s k ^orcmmn%&±^%:^ 0 u^u. — 2r v 

15 5nyfy^?:I0^7^7y h^ftt, ~#:BB{f SrUfT L. 

— #12 ft »c «t 5 = >T >y <D&&&$ttfit? 7^7yf^, ^©^^^ 

20 

Sr^-fV 1©^ 7^T> M-S^l-^ v:y£^-g•;tf7 ^ -- 

;? •? r << V 3^yK77^/>i l¥^o JJ = ^ V K 7 T >f /Wc fi, R£ 

HI 2 8©^l7D-(:oV^tiP^t5 0 HI 2 8 ^Jg^HfT-f 3 * 7 
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y (H©^7^7yt>7^!)7--^3yi2) ©i 001^0^7 

5 ut^ r ^ b^^-^A t ^TtDmmt&mmmomm^m (cp 

U^) IE* Z^mOTK^ff £th% 0 777/S 8 0 1 tfc^T, ^ 7 
-<7y Mt, SB©^7-1 , 7> b^Bo^V W \Z.V ^*^Y-7t 

4 m s & m ^ -t- 5 o 



10 y =i >- K7 T^/Wm®®#!£III 2 9 Kl7^-r o * T V h^IE^ 
^AU, ff^-prfg^^^^ V^P * b 6 5 1 ^np^.^^^^^^ ]) 

T^^^riliK (^7^7°S 8 0 2) U7b 6 5 4l^^f^ 

f^^5„ yfyy !)7vh65lH^f 6 5 4 mco^Wj^m 
15 lis tllj^^yf 6 5 2, 6 5 3 ©Sf(aoTltT$tl5c 

8 0 3 ^^V^T. !)^yF77^ >- 6 5 5 7WF£;ft5 0 

p 3 ^yF77-f /W^J&tf; ^ V 6 5 5 7^3f T ^fy7 s S8 0 

20 4&££5^T> !Jn^K77'f/H^l:3y7y7 7^/K-tfTi?e7 
T -f /K W^tfHTML «fc o TfBi£ $ frfclftl^ 77^ 7V^r^^^i~ 

y =1 ^ ^ K7 T-r/^^«> @3o (a) td^-r £ 5 ut-^-^ =i 

25 ^-^tf = ^7^777^^ 2 1 £ = V^i^ig 37 T 4 ^7 2 

2 £ Sriii.^ ^>^fcy = V K7 7-f ^7 2 0 *Sj& <t . IS 3 0 (b) \Z. 

T^-fX. 5 i-s =t yf^7 7 r^f ^7 2 10^ 
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V^ iSSftUfc EI 3 0 (b) I^f3yry^77^/l'7 2 1© 

36* 6**5 !)3^K77'f/i'7 3 0 as^ffcSftS. 

5 

=i >"r^V 7 t -4 >^<Dm$L%:m 3 l Jc^i" 0 3 yfyy 77^^ (M 

qt7 7 ^;h 7 2 i ictt, m^t^^T^y ^^T^^tttomn 

7t^uRL, = v-^^^ligiJ^i: lt©3y/y7 I D (CID) 
10 tfS-g-^tiS. 

c f± s «^7"oy^ (ekb) salt y y — «/&£rit;B UXltft$ 

i5 ti^mmt^r— ~?xiy? (ekb) <Dm&K x x> w&*smt£*— <omm 

5B^Lfc»-g*tt, s^S 8 0 6 IdiS^ = ^ V Mm 7 T -f A* (H 
20 TML77'f/v) ^ffloKKf-^ (**7*— 5:3y7y7fl 

M^Tv^5^^ iE^^n ^T^vmmm&'&m^ti? ?4 t> ms n 

25 ry7fl7^-^HT, ^J77^/H:^flltfc!5 v !)3^7F 
^fy7*S 8 0 7 H*iV^, = yry^flf- Ufd^ ^ 
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TML77-f/H:4^l„ 7rs'^S 8 0 8|:j3V^T % ^^=ri/yy T 

5 S 0 

=i ^^Ifcl^/B^ — * £ ITOHTML77 A' 
HI 3 2 ^^-fo 0 3 2 KlT^i-Wi. =i 

UT^/ hfrb%:m\^tc? =7^ TV Mi, *f i©i?!77^/v^t- 

15 y =^ ^ K^T-r^^*&^$t^fc=i v^^^y tent -*Hfc£ ttfc=i yf 
in 3 2 \z.7F-tmmm~7 r 4 /is (html77^h 7yi,m 

25 fA^yryygaift-f 7 3 1 ]J (^ryT'SSl 

1) f§„ ZL(D$ ]} -y # ^3«3® t i ^ ^ h TT/y <Jr-iXa i^tfS 

|3ffj (77$/7S8 12) |^Cy=^ V K^T'f /Wc fc = 

y7y , 77 7^^ (MQT77^f/V) (@3 1#IS) ^i^WlT, =1 
y7y777^^b3yry5'ID (CID) <k ;X h >;/ :7°UR L £ft 
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m Ury/s8i3) -t% 0 

10 7fy^S 8 1 4K*SV^t, ^7 V s .7:7 T ^ /V7>£>tttti U7c = ^7=- 
yylD (CID) Icg^S^T. 3yfyy77^/^^ltt5„ 
frte^7-'fT>'b7':7 D !;<7- — v- 3 >-^*3v^-c^Jt>^:^ $ r << ' ;v 

fc5VM3^<Dltl^-^7J^/E £*L5 D 8 i 5 

15 7fy^S814 5 "C IS 5£ L 7c T 7 r >f /W& <£> =i l^Z7 7 ^ ^73^ ^ 

#^C, 7TS/^S 8 1 6^*5V^~C. 8 1 3 -C=r 



HI 3 4 (^^917 P^©7vf y/S 8 3 1 \ZL$S V^t^ 3 y 7°P5®^^ 

B&ifc U 7c =i ^7 yy©»AM, ^«^S©v^fti^(D^l £ m^7?fe 

25 «9 , 3g{£0 11, |13 N 11118. 0 2 1 C^oTlBI Lfc&Sfc^ 5 
F7 r-f /l^73^^#^^-T?'fe 5(^7:\ 3 V^V^f- — ^77 b CD n 
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^^^7°S 8 3 3 JCfeV^-C, iBft7 7'f/Vi s &3 

^iUCayfyyiD (CID) £rEtf#-f5 0 yT'SS 
3 4ti3V^Ts aVfyyiD (CID) fcS^V^T. = ly^r^yy T 

y7ID (CID) ^S<5V^^5££*x5 £ ?4T^ hT^V tr 
— ^K3S^XM.fe£frls C I Dt7 T^/^0*f^f+^^^$tL-c 

15 ^fs'^S 8 3 5 WT % ayry^ID (CID) /^b^fflbfc 

<Dmm.nizfem£tix^zfr : gfr$:m7£-rz> 0 * ferns nx 

^ri/7°s 8 3 7 fcii^K ayfyyt^ciiLt, 
20 it 3 yfyy^A^o^S t l^^"Cfe5 0 

3 3(D7V— S©^f-77S8 1 4, S 8 1 5 KlSSV^T, M^<^ 7 T 4 

bfc = >- 9 s - 7 r-f^Sr IB tttHSKiftjlft bT*5 D „ ^^-^v 

25 70^!)yn- K^Sfi^W&^Hs ^TS'T'S 8 3 eOnyf^yflJl 
;|ft1fttt03c#&a!££?T b^S Sr^Ti" 6 - t flSWtB 1 ft 3 . 

^7^>-^^Jffit||'lt^^^^$tL7C=i^7"^^iiSlJ^ (CID) tmttt 
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t^yryyo^yry^SISiJ^ (C I D) i^I^^ft^v^C I DO 

? (ekb) fait yv -m&%mm^xmm£frz>m$hfc*~-yv v? 

(EKB) «t I? =1 ^-7" V^^r — K c ^r^#L. SU# Lfc = 

5 yy^-K c £ig/S LTBf -§-^3 ^-r >y<D&-%-®im&mftirZ> r £ 

10 ^ y K7 7 ^ 7 y 1> icSfttS I i T\ fife, © ^ 7 T ^ 

0kfcb X^X^l'T^wmffl&'ZIffeb *5»fe5©^ ^3Eft = :x 
r- V y ©fiJJB tt B5 it $ tt 5 o 

15 

20 s<b^5 0 ^(D^m^m^m^n, Tctin, m 1 6 %^m\^xmw 

Lfc^a^M/^-f-S^Si: ft3„ 
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fe5= y ^ m^oit^j: s^a&Hfr-r ^m-^fix ^s-^— ^v^^ib 

10 (Read Only Memory) £>!B^ L T:}3 < i £ 3&S ~e # 5 0 fo5VMi N 7° 
n ^ =7 A fti 7 =3f- */Zf/V7 s ^ ^ $ N C D — R OM (Compact Disc Read 
Only Memory) , M O (Magneto optical) 7* -f ^ , DVD (Digital 
Versatile Disc). 1^7^ * £\ ¥3* *M * JJ if © P A — -f 

20 ^^^j^feiHUfc 9 s LAN (Local Area Network) N 4^*— *yhk 



WO 2004/010307 



PCT/JP2003/008267 



59 

4*isxV~'*Ktt+Z&&tem<D&\Z7 s 7*;\'hfflmfctftn (D e f 
ault Usag'e - Right) «:fljt#l^ =^^^©1*^1 

15 KB [EKB (H)] a ^ ^fUffl — tf * ^ b XWtfe $ *L 

V y V — teSfrlfci-S EKB t LtOt-lf^MEKB [EK 
B ( S )] JE^ftD NKSrftS^- If O^iSa ^-^^^S^fe. 
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(usage fight) lcS<H>-C N ft = V V ©SflJJB 

is its if ^M-SISSo 

3. fulS'lf $ bte. 
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61 



4. nfrfagte^swu £ h^mu^^^^ycDm^K^wt^^m 

5 5. Plff^tlfcnyfy^C^Jffi^fr (usage rules) 

7 . myitis fhtz. ^y"^y(om^-Rumm ^mm-p % mmmmj? 

(usage right) Klg^< n V ^flJ^B Wt 5 M$P^ 
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fan ^^v^oS^SrfF-eri-^.^^ s/^Sr^-fr- b %m$k tir 5f»* 

10 9. s&fa'it^^a^-fe^. $£>ku 

f- - if * &mm* & mm -r z> mm * t y t N 

15 

io. ■mmmm^m^mit, £ e>tc N 

20 11. &-&fc£tl1t=i f?ls?y<D%nmfkfir (usage rule 
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1 3. Sf#'fb$ttfe=' >-x ^^^^#-S.t>^U^^$iJ^f S'lt^^S 
(usage right) Idg-cK = ^ 7flJ/B Sr^J^p-f- 5 $<J^^ 

n^-x^^fi. nm<o n &jx*m@k£frz t> <^x2fc x> . 
51 3 ^ia^o = >- 1° ^. — ^ • 7° o ^ 7 & o 

25 15. MIB ^ tf — ^ • zfuJfyJ^te^ $£>M, 
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16. tfrfB=» is \£ • 7v 7=? Af± % 

1 7. Rf^fc^frfca^^^^^JJl^ft 1 (usage rule 

io »»5?3fc ^^yfh^ 

15 is. striae ^ h^ijffl^'if#^s<3v^TfiJ^^fFRr$tL5Htrl5 

n^^V^fi, UUB <Z> gift £fr 3 t>©Tf*> .9 s 

$jiTV^ri:4:i|§ttit«ll*Sl 7 1^15^0 = ^ f =■ — * ■ 7°*? 
20 9 ^ c 

m^mt. rtf*-fb$*Lfc3 (usage rule 

25 |lJIfl^7Atfeot^ 
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mmmt, m^-^^Mc^^T^^^mm^i^ (usage rule 

■gr is = v ^ v y f u m m m h m ia m m m m n m m ^ n u x f- - 
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